CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-1730 – Debian Security Advisory 2920-1
https://notcve.org/view.php?id=CVE-2014-1730
26 Apr 2014 — Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc. Google V8, utilizado en Google Chrome anterior a 34.0.1847.131 en Windows y OS X y anterior a 34.0.1847.132 en Linux, no almacena debidamente metadatos de internacionalización, lo q... • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 2%CPEs: 5EXPL: 0CVE-2014-1731 – Apple Security Advisory 2014-06-30-4
https://notcve.org/view.php?id=CVE-2014-1731
26 Apr 2014 — core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. core/html/HTMLSelectElement.cpp en la implementación DOM en Blink, utilizado en Google Chrome anterior a 34.0.1847.131 ... • http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2014-1725 – Gentoo Linux Security Advisory 201408-16
https://notcve.org/view.php?id=CVE-2014-1725
09 Apr 2014 — The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call. La función base64DecodeInternal en wtf/text/Base64.cpp en Blink, utilizado en Google Chrome anterior a 34.0.1847.116, no maneja debidamente cadenas de datos compuestas exclusivamente de caracteres en bla... • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html • CWE-20: Improper Input Validation •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-1727 – Gentoo Linux Security Advisory 201408-16
https://notcve.org/view.php?id=CVE-2014-1727
09 Apr 2014 — Use-after-free vulnerability in content/renderer/renderer_webcolorchooser_impl.h in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to forms. Vulnerabilidad de uso después de liberación en content/renderer/renderer_webcolorchooser_impl.h en Google Chrome anterior a 34.0.1847.116 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vector... • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-1726 – Gentoo Linux Security Advisory 201408-16
https://notcve.org/view.php?id=CVE-2014-1726
09 Apr 2014 — The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access. La implementación de arrastrar en Google Chrome anterior a 34.0.1847.116 permite a atacantes remotos asistidos por usuario evadir Same Origin Policy y falsificar nombres de ruta locales mediante el aprovechamiento de acceso de renderizador. Multiple vulnerabilities have been found in Chromium, the worst of which can allo... • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-1724 – Gentoo Linux Security Advisory 201408-16
https://notcve.org/view.php?id=CVE-2014-1724
09 Apr 2014 — Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatcher 0.7.1, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service (application hang) or possibly have unspecified other impact via a text-to-speech request. Vulnerabilidad de uso después de liberación en Free(b)soft Laboratory Speech Dispatcher 0.7.1, utilizado en Google Chrome anterior a 34.0.1847.116, permite a atacantes remotos causar una denegación de servicio (cuelgue de aplicación) o posib... • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-1729 – Gentoo Linux Security Advisory 201408-16
https://notcve.org/view.php?id=CVE-2014-1729
09 Apr 2014 — Multiple unspecified vulnerabilities in Google V8 before 3.24.35.22, as used in Google Chrome before 34.0.1847.116, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 anterior a 3.24.35.22, utilizado en Google Chrome anterior a 34.0.1847.116, permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. Multiple vulnerabilities have been found in... • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-1716 – Gentoo Linux Security Advisory 201408-16
https://notcve.org/view.php?id=CVE-2014-1716
09 Apr 2014 — Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)." Vulnerabilidad de XSS en la función Runtime_SetPrototype en runtime.cc en Google V8, utilizado en Google Chrome anterior a 34.0.1847.116, permite a atacantes remotos inyectar script Web o HTML arbitrarios a través de vectores no especificados,... • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-1721 – Gentoo Linux Security Advisory 201408-16
https://notcve.org/view.php?id=CVE-2014-1721
09 Apr 2014 — Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by improper handling of a heap allocation of a number outside the Small Integer (aka smi) range. Google V8, utilizado en Google Chrome anterior a 34.0.1847.116, no implementa debidamente la recomposición perezosa (lazy deoptimization), lo ... • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2014-1723 – Gentoo Linux Security Advisory 201408-16
https://notcve.org/view.php?id=CVE-2014-1723
09 Apr 2014 — The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers (IRIs), which makes it easier for remote attackers to spoof URLs via crafted use of right-to-left (RTL) Unicode text. La función UnescapeURLWithOffsetsImpl en net/base/escape.cc en Google Chrome anterior a 34.0.1847.116 no maneja debidamente los Internationalized Resource Identifiers (IRIs) bidireccionales, lo que facilita a atacant... • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html • CWE-20: Improper Input Validation •