CVSS: 7.8EPSS: 3%CPEs: 104EXPL: 0CVE-2014-3155
https://notcve.org/view.php?id=CVE-2014-3155
11 Jun 2014 — net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance. net/spdy/spdy_write_queue.cc en la implementación SPDY en Google Chrome anterior a 35.0.1916.153 permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) mediante el aprovechamiento del mantenimiento incorrecto de colas. • http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html •
CVSS: 9.8EPSS: 1%CPEs: 104EXPL: 0CVE-2014-3156
https://notcve.org/view.php?id=CVE-2014-3156
11 Jun 2014 — Buffer overflow in the clipboard implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unexpected bitmap data, related to content/renderer/renderer_clipboard_client.cc and content/renderer/webclipboard_impl.cc. Desbordamiento de buffer en la implementación de portapapeles en Google Chrome anterior a 35.0.1916.153 permite a atacantes remotos causar una denegación de servicio o posiblemente t... • http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 104EXPL: 0CVE-2014-3157
https://notcve.org/view.php?id=CVE-2014-3157
11 Jun 2014 — Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging VideoFrame data structures that are too small for proper interaction with an underlying FFmpeg library. Desbordamiento de buffer basado en memoria dinámica en la función FFmpegVideoDecoder::GetVideoBuffer en media/filters/ffmpeg_video_decoder.cc ... • http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 1%CPEs: 80EXPL: 0CVE-2014-1743
https://notcve.org/view.php?id=CVE-2014-1743
21 May 2014 — Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers tree mutation. Vulnerabilidad de uso después de liberación en la función StyleElement::removedFromDocument en core/dom/StyleElement.cpp en Blink, utilizado en Google Chrome anterior a 35.0.1... • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 1%CPEs: 80EXPL: 0CVE-2014-1744
https://notcve.org/view.php?id=CVE-2014-1744
21 May 2014 — Integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large shared-memory allocation. Desbordamiento de enteros en la función AudioInputRendererHost::OnCreateStream en content/browser/renderer_host/media/audio_input_renderer_host.cc en Google Chrome anterior a 35.0.... • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html • CWE-189: Numeric Errors •
CVSS: 6.5EPSS: 0%CPEs: 80EXPL: 0CVE-2014-1746
https://notcve.org/view.php?id=CVE-2014-1746
21 May 2014 — The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome before 35.0.1916.114 relies on an insufficiently large integer data type, which allows remote attackers to cause a denial of service (out-of-bounds read) via vectors that trigger use of a large buffer. La función InMemoryUrlProtocol::Read en media/filters/in_memory_url_protocol.cc en Google Chrome anterior a 35.0.1916.114 depende de un tipo de datos de enteros insuficientemente grande, lo que permite a atacant... • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 80EXPL: 0CVE-2014-1747
https://notcve.org/view.php?id=CVE-2014-1747
21 May 2014 — Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Universal XSS (UXSS)." Vulnerabilidad de XSS en la función DocumentLoader::maybeCreateArchive en core/loader/DocumentLoader.cpp en Blink, utilizado en Google Chrome anterior a 35.0.1916.114, permite a atacantes remotos inyectar secuen... • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 0%CPEs: 80EXPL: 0CVE-2014-1748
https://notcve.org/view.php?id=CVE-2014-1748
21 May 2014 — The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame. La función ScrollView::paint en platform/scroll/ScrollView.cpp en Blink, utilizado en Google Chrome anterior a 35.0.1916.114, permite a atacantes remotos falsificar la interfaz de usuario mediante la extensión de la representación gráfica de la barra de desplazamiento hacia el marco padre. • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html •
CVSS: 8.8EPSS: 0%CPEs: 80EXPL: 0CVE-2014-1749
https://notcve.org/view.php?id=CVE-2014-1749
21 May 2014 — Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 35.0.1916.114 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html •
CVSS: 7.8EPSS: 0%CPEs: 80EXPL: 2CVE-2014-3803
https://notcve.org/view.php?id=CVE-2014-3803
21 May 2014 — The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute. La funcionalidad SpeechInput en Blink, utilizado en Google Chrome anterior a 35.0.1916.114, permite a atacantes remotos habilitar acceso a micrófono y obtener texto de reconocimiento de voz sin indicación a través de un elemento INPUT con un atributo -x-webkit-speech. • http://blog.guya.net/2014/04/07/to-listen-without-consent-abusing-the-html5-speech • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •