CVSS: 7.8EPSS: 1%CPEs: 82EXPL: 0CVE-2014-3174
https://notcve.org/view.php?id=CVE-2014-3174
27 Aug 2014 — modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service (read of uninitialized memory) via crafted API calls. modules/webaudio/BiquadDSPKernel.cpp en la implementación Web Audio API en Blink, utilizado en Google Chrome anterior a 37.0.2062.94, no considera debidamente los hilos c... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 82EXPL: 0CVE-2014-3175
https://notcve.org/view.php?id=CVE-2014-3175
27 Aug 2014 — Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors, related to the load_truetype_glyph function in truetype/ttgload.c in FreeType and other functions in other components. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 37.0.2062.94 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html •
CVSS: 10.0EPSS: 6%CPEs: 82EXPL: 0CVE-2014-3176
https://notcve.org/view.php?id=CVE-2014-3176
27 Aug 2014 — Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177. Google Chrome anterior a 37.0.2062.94 no maneja debidamente la interacción de las extensiones, IPC, la API sync y Google V8, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 6%CPEs: 82EXPL: 0CVE-2014-3177
https://notcve.org/view.php?id=CVE-2014-3177
27 Aug 2014 — Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3176. Google Chrome anterior a 37.0.2062.94 no maneja debidamente la interacción de las extensiones, IPC, la API sync, y Google V8, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: 1%CPEs: 120EXPL: 0CVE-2014-3165
https://notcve.org/view.php?id=CVE-2014-3165
13 Aug 2014 — Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an unexpectedly long lifetime of a temporary object during method completion. Vulnerabilidad de uso después de liberación en modules/websockets/WorkerThreadableWebSocketChannel.cpp en la implementación Web Sockets... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2014-3166
https://notcve.org/view.php?id=CVE-2014-3166
13 Aug 2014 — The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names. La implementación Public Key Pinning (PKP) en Google Chrome anterior a 36.0.1985.143 en Windows, OS X, y Linux, y anterior a 36.0.1985.135 en Android, no considera correctamente las propieda... • http://googlechromereleases.blogspot.com/2014/08/chrome-for-android-update.html •
CVSS: 8.8EPSS: 0%CPEs: 120EXPL: 0CVE-2014-3167
https://notcve.org/view.php?id=CVE-2014-3167
13 Aug 2014 — Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 36.0.1985.143 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html •
CVSS: 6.5EPSS: 0%CPEs: 101EXPL: 0CVE-2014-3159
https://notcve.org/view.php?id=CVE-2014-3159
20 Jul 2014 — The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors. La función WebContentsDelegateAndroid::OpenURLFromTab en components/web_contents_delegate_android/web_contents_delegate_android.cc en Google Chrome anterior a 36.0.1985.122 en Android no restringe debida... • http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 101EXPL: 0CVE-2014-3161
https://notcve.org/view.php?id=CVE-2014-3161
20 Jul 2014 — The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream. La función WebMediaPlayerAndroid::load en content/renderer/media/android/webmediaplayer_android.cc en Google Chrome anterior a 36.0.1985.122 en Android no interactúa debidamente con las redirecciones, lo qu... • http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 1%CPEs: 104EXPL: 0CVE-2014-3154
https://notcve.org/view.php?id=CVE-2014-3154
11 Jun 2014 — Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a Blink shutdown. Vulnerabilidad de uso después de liberación en la función ChildThread::Shutdown en content/child/child_thread.cc en la API del sistema de archivos en Google Chrome anterior a 35.0.1916.153 permite a atacantes remotos... • http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html •