CVSS: 7.8EPSS: 1%CPEs: 82EXPL: 0CVE-2014-3174 – Debian Security Advisory 3039-1
https://notcve.org/view.php?id=CVE-2014-3174
27 Aug 2014 — modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service (read of uninitialized memory) via crafted API calls. modules/webaudio/BiquadDSPKernel.cpp en la implementación Web Audio API en Blink, utilizado en Google Chrome anterior a 37.0.2062.94, no considera debidamente los hilos c... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 82EXPL: 0CVE-2014-3173 – Debian Security Advisory 3039-1
https://notcve.org/view.php?id=CVE-2014-3173
27 Aug 2014 — The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted CANVAS element, related to gpu/command_buffer/service/framebuffer_manager.cc and gpu/command_buffer/service/gles2_cmd_decoder.cc. La implementación WebGL en Google Chrome anterior a 37.0.2062.94 no asegura que llamadas claras interactúan debidamente con el estad... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 2%CPEs: 85EXPL: 0CVE-2014-3168 – Debian Security Advisory 3039-1
https://notcve.org/view.php?id=CVE-2014-3168
27 Aug 2014 — Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation. Vulnerabilidad de uso después de liberación en la implementación SVG en Blink, utilizado en Google Chrome anterior a 37.0.2062.94, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado media... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html •
CVSS: 9.8EPSS: 1%CPEs: 82EXPL: 0CVE-2014-3171 – Debian Security Advisory 3039-1
https://notcve.org/view.php?id=CVE-2014-3171
27 Aug 2014 — Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations instead of HashMap set operations, related to bindings/core/v8/DOMWrapperMap.h and bindings/core/v8/SerializedScriptValue.cpp. Vulnerabilidad de uso después de liberación en los enlaces V8 en Blink, utilizado en Google Chrome anterior a 37.0.2062.94, permite a... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html •
CVSS: 9.8EPSS: 1%CPEs: 120EXPL: 0CVE-2014-3165 – Ubuntu Security Notice USN-2320-1
https://notcve.org/view.php?id=CVE-2014-3165
13 Aug 2014 — Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an unexpectedly long lifetime of a temporary object during method completion. Vulnerabilidad de uso después de liberación en modules/websockets/WorkerThreadableWebSocketChannel.cpp en la implementación Web Sockets... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2014-3166 – Ubuntu Security Notice USN-2320-1
https://notcve.org/view.php?id=CVE-2014-3166
13 Aug 2014 — The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names. La implementación Public Key Pinning (PKP) en Google Chrome anterior a 36.0.1985.143 en Windows, OS X, y Linux, y anterior a 36.0.1985.135 en Android, no considera correctamente las propieda... • http://googlechromereleases.blogspot.com/2014/08/chrome-for-android-update.html •
CVSS: 8.8EPSS: 0%CPEs: 120EXPL: 0CVE-2014-3167 – Ubuntu Security Notice USN-2320-1
https://notcve.org/view.php?id=CVE-2014-3167
13 Aug 2014 — Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 36.0.1985.143 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. A use-after-free was discovered in the websockets implementation in Blink. If a user were tricked in to opening a specially crafted... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html •
CVSS: 8.8EPSS: 0%CPEs: 101EXPL: 0CVE-2014-3161
https://notcve.org/view.php?id=CVE-2014-3161
20 Jul 2014 — The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream. La función WebMediaPlayerAndroid::load en content/renderer/media/android/webmediaplayer_android.cc en Google Chrome anterior a 36.0.1985.122 en Android no interactúa debidamente con las redirecciones, lo qu... • http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 101EXPL: 0CVE-2014-3159
https://notcve.org/view.php?id=CVE-2014-3159
20 Jul 2014 — The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors. La función WebContentsDelegateAndroid::OpenURLFromTab en components/web_contents_delegate_android/web_contents_delegate_android.cc en Google Chrome anterior a 36.0.1985.122 en Android no restringe debida... • http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 3%CPEs: 104EXPL: 0CVE-2014-3155 – Debian Security Advisory 2959-1
https://notcve.org/view.php?id=CVE-2014-3155
11 Jun 2014 — net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance. net/spdy/spdy_write_queue.cc en la implementación SPDY en Google Chrome anterior a 35.0.1916.153 permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) mediante el aprovechamiento del mantenimiento incorrecto de colas. A type confusion bug was discovered in V8. If a us... • http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html •