CVSS: 7.8EPSS: 3%CPEs: 1EXPL: 0CVE-2014-7909 – chromium-browser: Uninitialized memory read in Skia
https://notcve.org/view.php?id=CVE-2014-7909
19 Nov 2014 — effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data. effects/SkDashPathEffect.cpp en Skia, usado en Google Chrome anterior a 39.0.2171.65, calcula una clave de hash usando valores de enteros sin inicializar, lo que podría permitir a atacantes remotos causar una denegación de servicio mediante la renderización de datos manipulados. A... • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-7900 – Gentoo Linux Security Advisory 201412-13
https://notcve.org/view.php?id=CVE-2014-7900
19 Nov 2014 — Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. Una vulnerabilidad de uso después de liberación en la función CPDF_Parser::IsLinearizedFile ubicada en fpdfapi/fpdf_parser/fpdf_parser_parser.cpp en PDFium, usada en Google Chrome anterior 39.0.2171.65, permite ... • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 14CVE-2014-7910 – GNU Bash - Environment Variable Command Injection
https://notcve.org/view.php?id=CVE-2014-7910
19 Nov 2014 — Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades sin especificar en Google Chrome anterior a 39.0.2171.65 permitirían a atacantes remotos causar una denegación de servicio o posiblemente otro impacto mediante vectores desconocidos. A buffer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacked could potent... • https://www.exploit-db.com/exploits/34777 •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3201
https://notcve.org/view.php?id=CVE-2014-3201
10 Oct 2014 — core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar. core/rendering/compositing/RenderLayerCompositor.cpp en Blink, utilizado en Google Chrome anterior a 38.0.2125.102 en Android, no maneja debidamente cierta condición de desbordamiento de IFRAME, lo que permite a atacantes r... • http://googlechromereleases.blogspot.com/2014/10/chrome-for-android-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 1%CPEs: 5EXPL: 0CVE-2014-3198 – chromium: OOB reads in PDFium fixed in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3198
08 Oct 2014 — The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. La función Instance::HandleInputEvent en pdf/instance.cc en el componente PDFium en Google Chrome anterior a 38.0.2125.101 interpreta cierto valor -1 como un indice en lugar de un código de error de pági... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 1%CPEs: 5EXPL: 0CVE-2014-3200 – chromium: multiple unspecified issues fixed in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3200
08 Oct 2014 — Multiple unspecified vulnerabilities in Google Chrome before 38.0.2125.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificados en Google Chrome anterior a 38.0.2125.101 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. Multiple use-after-free issues were discovered in Blink. If a user were tricked in to opening a specially crafted w... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2014-7967 – Ubuntu Security Notice USN-2345-1
https://notcve.org/view.php?id=CVE-2014-7967
08 Oct 2014 — Multiple unspecified vulnerabilities in Google V8 before 3.28.71.15, as used in Google Chrome before 38.0.2125.101, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 anterior a 3.28.71.15, utilizado en Google Chrome anterior a 38.0.2125.101, permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. Multiple use-after-free iss... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3193 – chromium: multiple security fixes in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3193
08 Oct 2014 — The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors that leverage "type confusion" for callback processing. La función SessionService::GetLastSession en browser/sessions/session_service.cc en Google Chrome anterior a 38.0.2125.101 permite a atacantes remotos causar una denegación de servicio (uso después de liberación... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html • CWE-416: Use After Free •
CVSS: 6.8EPSS: 0%CPEs: 55EXPL: 0CVE-2014-3187
https://notcve.org/view.php?id=CVE-2014-3187
08 Oct 2014 — Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site. Google Chrome anterior a 37.0.2062.60 y 38.x anterior a 38.0.2125.59 en iOS no restringe debidamente el procesamiento de las URLs (1) facetime:// y (2) facetime-audio://, lo que permite a atacantes remotos obtener datos de vídeo y audio de un dispositivo... • http://googlechromereleases.blogspot.com/2014/10/chrome-for-ios-update.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3191 – chromium: multiple security fixes in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3191
08 Oct 2014 — Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers a widget-position update that improperly interacts with the render tree, related to the FrameView::updateLayoutAndStyleForPainting function in core/frame/FrameView.cpp and the RenderLayerScrollableArea::setScrollOffset function in core/rendering/RenderLayerScrollableArea.cpp. Vulnerabilid... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html • CWE-416: Use After Free •