CVSS: 7.8EPSS: 0%CPEs: 80EXPL: 2CVE-2014-3803 – Ubuntu Security Notice USN-2298-1
https://notcve.org/view.php?id=CVE-2014-3803
21 May 2014 — The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute. La funcionalidad SpeechInput en Blink, utilizado en Google Chrome anterior a 35.0.1916.114, permite a atacantes remotos habilitar acceso a micrófono y obtener texto de reconocimiento de voz sin indicación a través de un elemento INPUT con un atributo -x-webkit-speech. ... • http://blog.guya.net/2014/04/07/to-listen-without-consent-abusing-the-html5-speech • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 0%CPEs: 80EXPL: 0CVE-2014-1748 – Ubuntu Security Notice USN-2298-1
https://notcve.org/view.php?id=CVE-2014-1748
21 May 2014 — The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame. La función ScrollView::paint en platform/scroll/ScrollView.cpp en Blink, utilizado en Google Chrome anterior a 35.0.1916.114, permite a atacantes remotos falsificar la interfaz de usuario mediante la extensión de la representación gráfica de la barra de desplazamiento hacia el marco padre. A ty... • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html •
CVSS: 6.5EPSS: 0%CPEs: 80EXPL: 0CVE-2014-1746 – Ubuntu Security Notice USN-2298-1
https://notcve.org/view.php?id=CVE-2014-1746
21 May 2014 — The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome before 35.0.1916.114 relies on an insufficiently large integer data type, which allows remote attackers to cause a denial of service (out-of-bounds read) via vectors that trigger use of a large buffer. La función InMemoryUrlProtocol::Read en media/filters/in_memory_url_protocol.cc en Google Chrome anterior a 35.0.1916.114 depende de un tipo de datos de enteros insuficientemente grande, lo que permite a atacant... • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 80EXPL: 0CVE-2014-1745 – webkitgtk: Processing a file may lead to a denial of service or potentially disclose memory contents
https://notcve.org/view.php?id=CVE-2014-1745
21 May 2014 — Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp. Vulnerabilidad de uso después de liberación en la implementación SVG en Blink, utilizado en Google Chrome anterior a 35.0.1916.114, permite a atacantes remotos causar una denegación de servicio o... • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html • CWE-399: Resource Management Errors CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.8EPSS: 1%CPEs: 93EXPL: 0CVE-2014-1742 – Ubuntu Security Notice USN-2298-1
https://notcve.org/view.php?id=CVE-2014-1742
14 May 2014 — Use-after-free vulnerability in the FrameSelection::updateAppearance function in core/editing/FrameSelection.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper RenderObject handling. Vulnerabilidad de uso después de liberación en la función FrameSelection::updateAppearance en core/editing/FrameSelection.cpp en Blink, utilizado en Google Chrome anterior a 34.0.1847.137, permite a at... • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update.html • CWE-399: Resource Management Errors •
CVSS: 9.8EPSS: 1%CPEs: 93EXPL: 0CVE-2014-1741 – Ubuntu Security Notice USN-2298-1
https://notcve.org/view.php?id=CVE-2014-1741
14 May 2014 — Multiple integer overflows in the replace-data functionality in the CharacterData interface implementation in core/dom/CharacterData.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to ranges. Múltiples desbordamientos de enteros en la funcionalidad replace-data en la implemenatción de interfaz CharacterData en core/dom/CharacterData.cpp en Blink, utilizado en Google Chrome anterior ... • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 1%CPEs: 93EXPL: 0CVE-2014-1740 – Ubuntu Security Notice USN-2298-1
https://notcve.org/view.php?id=CVE-2014-1740
14 May 2014 — Multiple use-after-free vulnerabilities in net/websockets/websocket_job.cc in the WebSockets implementation in Google Chrome before 34.0.1847.137 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to WebSocketJob deletion. Múltiples vulnerabilidades de uso después de liberación en net/websockets/websocket_job.cc en la implementación WebSockets en Google Chrome anterior a 34.0.1847.137 permiten a atacantes remotos causar una denegación de servici... • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 3%CPEs: 5EXPL: 0CVE-2014-1736 – Google Chrome ImageData Signedness Error Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1736
06 May 2014 — Integer overflow in api.cc in Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large length value. Desbordamiento de enteros en api.cc en Google V8, utilizado en Google Chrome anterior a 34.0.1847.131 en Windows y OS X y anteriores 34.0.1847.132 en Linux, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impa... • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html • CWE-190: Integer Overflow or Wraparound •
CVSS: 8.8EPSS: 2%CPEs: 5EXPL: 0CVE-2014-1731 – Apple Security Advisory 2014-06-30-4
https://notcve.org/view.php?id=CVE-2014-1731
26 Apr 2014 — core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements. core/html/HTMLSelectElement.cpp en la implementación DOM en Blink, utilizado en Google Chrome anterior a 34.0.1847.131 ... • http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-1734 – Debian Security Advisory 2920-1
https://notcve.org/view.php?id=CVE-2014-1734
26 Apr 2014 — Multiple unspecified vulnerabilities in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 34.0.1847.131 en Windows y OS X y anterior a 34.0.1847.132 en Linux permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. Multiple vulnerabilitie... • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html •