CVSS: 9.8EPSS: 1%CPEs: 82EXPL: 0CVE-2014-3171 – Debian Security Advisory 3039-1
https://notcve.org/view.php?id=CVE-2014-3171
27 Aug 2014 — Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations instead of HashMap set operations, related to bindings/core/v8/DOMWrapperMap.h and bindings/core/v8/SerializedScriptValue.cpp. Vulnerabilidad de uso después de liberación en los enlaces V8 en Blink, utilizado en Google Chrome anterior a 37.0.2062.94, permite a... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html •
CVSS: 9.8EPSS: 1%CPEs: 120EXPL: 0CVE-2014-3165 – Ubuntu Security Notice USN-2320-1
https://notcve.org/view.php?id=CVE-2014-3165
13 Aug 2014 — Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an unexpectedly long lifetime of a temporary object during method completion. Vulnerabilidad de uso después de liberación en modules/websockets/WorkerThreadableWebSocketChannel.cpp en la implementación Web Sockets... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html •
CVSS: 7.5EPSS: 0%CPEs: 10EXPL: 0CVE-2014-3166 – Ubuntu Security Notice USN-2320-1
https://notcve.org/view.php?id=CVE-2014-3166
13 Aug 2014 — The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names. La implementación Public Key Pinning (PKP) en Google Chrome anterior a 36.0.1985.143 en Windows, OS X, y Linux, y anterior a 36.0.1985.135 en Android, no considera correctamente las propieda... • http://googlechromereleases.blogspot.com/2014/08/chrome-for-android-update.html •
CVSS: 8.8EPSS: 0%CPEs: 120EXPL: 0CVE-2014-3167 – Ubuntu Security Notice USN-2320-1
https://notcve.org/view.php?id=CVE-2014-3167
13 Aug 2014 — Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 36.0.1985.143 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. A use-after-free was discovered in the websockets implementation in Blink. If a user were tricked in to opening a specially crafted... • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html •
CVSS: 7.8EPSS: 1%CPEs: 105EXPL: 0CVE-2014-3160 – Ubuntu Security Notice USN-2298-1
https://notcve.org/view.php?id=CVE-2014-3160
20 Jul 2014 — The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file. La función ResourceFetcher::canRequest en core/fetch/ResourceFetcher.cpp en Blink, utilizado en Google Chrome anterior a 36.0.1985.125, no restringe debidamente las solicitudes de subrecursos asociados con ficheros SVG, lo... • http://googlechromereleases.blogspot.com/2014/07/stable-channel-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 101EXPL: 0CVE-2014-3161
https://notcve.org/view.php?id=CVE-2014-3161
20 Jul 2014 — The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream. La función WebMediaPlayerAndroid::load en content/renderer/media/android/webmediaplayer_android.cc en Google Chrome anterior a 36.0.1985.122 en Android no interactúa debidamente con las redirecciones, lo qu... • http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 0%CPEs: 101EXPL: 0CVE-2014-3159
https://notcve.org/view.php?id=CVE-2014-3159
20 Jul 2014 — The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors. La función WebContentsDelegateAndroid::OpenURLFromTab en components/web_contents_delegate_android/web_contents_delegate_android.cc en Google Chrome anterior a 36.0.1985.122 en Android no restringe debida... • http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 0%CPEs: 105EXPL: 0CVE-2014-3162 – Ubuntu Security Notice USN-2298-1
https://notcve.org/view.php?id=CVE-2014-3162
20 Jul 2014 — Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 36.0.1985.125 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. A type confusion bug was discovered in V8. If a user were tricked in to opening a specially crafted website, an attacker could pote... • http://googlechromereleases.blogspot.com/2014/07/stable-channel-update.html •
CVSS: 7.8EPSS: 3%CPEs: 104EXPL: 0CVE-2014-3155 – Debian Security Advisory 2959-1
https://notcve.org/view.php?id=CVE-2014-3155
11 Jun 2014 — net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance. net/spdy/spdy_write_queue.cc en la implementación SPDY en Google Chrome anterior a 35.0.1916.153 permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) mediante el aprovechamiento del mantenimiento incorrecto de colas. A type confusion bug was discovered in V8. If a us... • http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html •
CVSS: 8.8EPSS: 1%CPEs: 104EXPL: 0CVE-2014-3157 – Debian Security Advisory 2959-1
https://notcve.org/view.php?id=CVE-2014-3157
11 Jun 2014 — Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging VideoFrame data structures that are too small for proper interaction with an underlying FFmpeg library. Desbordamiento de buffer basado en memoria dinámica en la función FFmpegVideoDecoder::GetVideoBuffer en media/filters/ffmpeg_video_decoder.cc ... • http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •