CVE-2014-3152 – Ubuntu Security Notice USN-2298-1
https://notcve.org/view.php?id=CVE-2014-3152
21 May 2014 — Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value. Desbordamiento de enteros en la función LCodeGen::PrepareKeyedOperand en arm/lithium-codegen-arm.cc en Google V8 anterior a 3.25.28.16, utilizado en Google Chrome anterior a 35.0.1916.114, permite ... • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html • CWE-189: Numeric Errors •
CVE-2014-1747 – Gentoo Linux Security Advisory 201408-16
https://notcve.org/view.php?id=CVE-2014-1747
21 May 2014 — Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Universal XSS (UXSS)." Vulnerabilidad de XSS en la función DocumentLoader::maybeCreateArchive en core/loader/DocumentLoader.cpp en Blink, utilizado en Google Chrome anterior a 35.0.1916.114, permite a atacantes remotos inyectar secuen... • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-3803 – Ubuntu Security Notice USN-2298-1
https://notcve.org/view.php?id=CVE-2014-3803
21 May 2014 — The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute. La funcionalidad SpeechInput en Blink, utilizado en Google Chrome anterior a 35.0.1916.114, permite a atacantes remotos habilitar acceso a micrófono y obtener texto de reconocimiento de voz sin indicación a través de un elemento INPUT con un atributo -x-webkit-speech. ... • http://blog.guya.net/2014/04/07/to-listen-without-consent-abusing-the-html5-speech • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2014-1748 – Ubuntu Security Notice USN-2298-1
https://notcve.org/view.php?id=CVE-2014-1748
21 May 2014 — The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame. La función ScrollView::paint en platform/scroll/ScrollView.cpp en Blink, utilizado en Google Chrome anterior a 35.0.1916.114, permite a atacantes remotos falsificar la interfaz de usuario mediante la extensión de la representación gráfica de la barra de desplazamiento hacia el marco padre. A ty... • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html •
CVE-2014-1746 – Ubuntu Security Notice USN-2298-1
https://notcve.org/view.php?id=CVE-2014-1746
21 May 2014 — The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome before 35.0.1916.114 relies on an insufficiently large integer data type, which allows remote attackers to cause a denial of service (out-of-bounds read) via vectors that trigger use of a large buffer. La función InMemoryUrlProtocol::Read en media/filters/in_memory_url_protocol.cc en Google Chrome anterior a 35.0.1916.114 depende de un tipo de datos de enteros insuficientemente grande, lo que permite a atacant... • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-1745 – webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents
https://notcve.org/view.php?id=CVE-2014-1745
21 May 2014 — Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp. Vulnerabilidad de uso después de liberación en la implementación SVG en Blink, utilizado en Google Chrome anterior a 35.0.1916.114, permite a atacantes remotos causar una denegación de servicio o... • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVE-2014-1742 – Ubuntu Security Notice USN-2298-1
https://notcve.org/view.php?id=CVE-2014-1742
14 May 2014 — Use-after-free vulnerability in the FrameSelection::updateAppearance function in core/editing/FrameSelection.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper RenderObject handling. Vulnerabilidad de uso después de liberación en la función FrameSelection::updateAppearance en core/editing/FrameSelection.cpp en Blink, utilizado en Google Chrome anterior a 34.0.1847.137, permite a at... • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update.html • CWE-399: Resource Management Errors •
CVE-2014-1741 – Ubuntu Security Notice USN-2298-1
https://notcve.org/view.php?id=CVE-2014-1741
14 May 2014 — Multiple integer overflows in the replace-data functionality in the CharacterData interface implementation in core/dom/CharacterData.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to ranges. Múltiples desbordamientos de enteros en la funcionalidad replace-data en la implemenatción de interfaz CharacterData en core/dom/CharacterData.cpp en Blink, utilizado en Google Chrome anterior ... • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update.html • CWE-189: Numeric Errors •
CVE-2014-1740 – Ubuntu Security Notice USN-2298-1
https://notcve.org/view.php?id=CVE-2014-1740
14 May 2014 — Multiple use-after-free vulnerabilities in net/websockets/websocket_job.cc in the WebSockets implementation in Google Chrome before 34.0.1847.137 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to WebSocketJob deletion. Múltiples vulnerabilidades de uso después de liberación en net/websockets/websocket_job.cc en la implementación WebSockets en Google Chrome anterior a 34.0.1847.137 permiten a atacantes remotos causar una denegación de servici... • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update.html • CWE-399: Resource Management Errors •
CVE-2014-1736 – Google Chrome ImageData Signedness Error Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1736
06 May 2014 — Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value. Desbordamiento de enteros en api.cc en Google V8, utilizado en Google Chrome anterior a 34.0.1847.131 en Windows y OS X y anteriores 34.0.1847.132 en Linux, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impa... • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html • CWE-190: Integer Overflow or Wraparound •