CVSS: 10.0EPSS: 0%CPEs: 82EXPL: 0CVE-2014-3175 – Debian Security Advisory 3039-1
https://notcve.org/view.php?id=CVE-2014-3175
27 Aug 2014 — Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors, related to the load_truetype_glyph function in truetype/ttgload.c in FreeType and other functions in other components. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 37.0.2062.94 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html •
CVSS: 10.0EPSS: 6%CPEs: 82EXPL: 0CVE-2014-3176 – Debian Security Advisory 3039-1
https://notcve.org/view.php?id=CVE-2014-3176
27 Aug 2014 — Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177. Google Chrome anterior a 37.0.2062.94 no maneja debidamente la interacción de las extensiones, IPC, la API sync y Google V8, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 10.0EPSS: 6%CPEs: 82EXPL: 0CVE-2014-3177 – Debian Security Advisory 3039-1
https://notcve.org/view.php?id=CVE-2014-3177
27 Aug 2014 — Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3176. Google Chrome anterior a 37.0.2062.94 no maneja debidamente la interacción de las extensiones, IPC, la API sync, y Google V8, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.1EPSS: 0%CPEs: 82EXPL: 0CVE-2014-3172 – Debian Security Advisory 3039-1
https://notcve.org/view.php?id=CVE-2014-3172
27 Aug 2014 — The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL. La Api de extensión Debugger en browser/extensions/api/debugger/debugger_api.cc en Google Chrome anterior a 37.0.2062.94 no valida la URL de una pestaña antes de una operación de adjuntar, l... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 120EXPL: 0CVE-2014-3167 – Ubuntu Security Notice USN-2320-1
https://notcve.org/view.php?id=CVE-2014-3167
13 Aug 2014 — Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 36.0.1985.143 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. A use-after-free was discovered in the websockets implementation in Blink. If a user were tricked in to opening a specially crafted... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html •
CVSS: 9.8EPSS: 1%CPEs: 120EXPL: 0CVE-2014-3165 – Ubuntu Security Notice USN-2320-1
https://notcve.org/view.php?id=CVE-2014-3165
13 Aug 2014 — Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an unexpectedly long lifetime of a temporary object during method completion. Vulnerabilidad de uso después de liberación en modules/websockets/WorkerThreadableWebSocketChannel.cpp en la implementación Web Sockets... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2014-3166 – Ubuntu Security Notice USN-2320-1
https://notcve.org/view.php?id=CVE-2014-3166
13 Aug 2014 — The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names. La implementación Public Key Pinning (PKP) en Google Chrome anterior a 36.0.1985.143 en Windows, OS X, y Linux, y anterior a 36.0.1985.135 en Android, no considera correctamente las propieda... • http://googlechromereleases.blogspot.com/2014/08/chrome-for-android-update.html •
CVSS: 6.5EPSS: 0%CPEs: 101EXPL: 0CVE-2014-3159
https://notcve.org/view.php?id=CVE-2014-3159
20 Jul 2014 — The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors. La función WebContentsDelegateAndroid::OpenURLFromTab en components/web_contents_delegate_android/web_contents_delegate_android.cc en Google Chrome anterior a 36.0.1985.122 en Android no restringe debida... • http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 101EXPL: 0CVE-2014-3161
https://notcve.org/view.php?id=CVE-2014-3161
20 Jul 2014 — The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream. La función WebMediaPlayerAndroid::load en content/renderer/media/android/webmediaplayer_android.cc en Google Chrome anterior a 36.0.1985.122 en Android no interactúa debidamente con las redirecciones, lo qu... • http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 104EXPL: 0CVE-2014-3157 – Debian Security Advisory 2959-1
https://notcve.org/view.php?id=CVE-2014-3157
11 Jun 2014 — Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging VideoFrame data structures that are too small for proper interaction with an underlying FFmpeg library. Desbordamiento de buffer basado en memoria dinámica en la función FFmpegVideoDecoder::GetVideoBuffer en media/filters/ffmpeg_video_decoder.cc ... • http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •