CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-1717
https://notcve.org/view.php?id=CVE-2014-1717
09 Apr 2014 — Google V8, as used in Google Chrome before 34.0.1847.116, does not properly use numeric casts during handling of typed arrays, which allows remote attackers to cause a denial of service (out-of-bounds array access) or possibly have unspecified other impact via crafted JavaScript code. Google V8, utilizado en Google Chrome anterior a 34.0.1847.116, no utiliza debidamente conversiones numéricas durante el manejo de arrays tipo, lo que permite a atacantes remotos causar una denegación de servicio (acceso a arr... • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html • CWE-189: Numeric Errors •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-1718
https://notcve.org/view.php?id=CVE-2014-1718
09 Apr 2014 — Integer overflow in the SoftwareFrameManager::SwapToNewFrame function in content/browser/renderer_host/software_frame_manager.cc in the software compositor in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an attempted mapping of a large amount of renderer memory. Desbordamiento de enteros en la función SoftwareFrameManager::SwapToNewFrame en content/browser/renderer_host/software_frame_manager.cc en ... • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-1719
https://notcve.org/view.php?id=CVE-2014-1719
09 Apr 2014 — Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworker_stub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger a SharedWorker termination during script loading. Vulnerabilidad de uso después de liberación en la función WebSharedWorkerStub::OnTerminateWorkerContext en conte... • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-1720
https://notcve.org/view.php?id=CVE-2014-1720
09 Apr 2014 — Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attributes. Vulnerabilidad de uso después de liberación en la función HTMLBodyElement::insertedInto en core/html/HTMLBodyElement.cpp en Blink, utilizado en Google Chrome anterior a 34.0.1847.116, permite a atacantes remotos causar... • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-1721
https://notcve.org/view.php?id=CVE-2014-1721
09 Apr 2014 — Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by improper handling of a heap allocation of a number outside the Small Integer (aka smi) range. Google V8, utilizado en Google Chrome anterior a 34.0.1847.116, no implementa debidamente la recomposición perezosa (lazy deoptimization), lo ... • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html • CWE-189: Numeric Errors •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-1722
https://notcve.org/view.php?id=CVE-2014-1722
09 Apr 2014 — Use-after-free vulnerability in the RenderBlock::addChildIgnoringAnonymousColumnBlocks function in core/rendering/RenderBlock.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving addition of a child node. Vulnerabilidad de uso después de liberación en la función RenderBlock::addChildIgnoringAnonymousColumnBlocks en core/rendering/RenderBlock.cpp en Blink, utilizado en Google Chrome an... • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2014-1723
https://notcve.org/view.php?id=CVE-2014-1723
09 Apr 2014 — The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers (IRIs), which makes it easier for remote attackers to spoof URLs via crafted use of right-to-left (RTL) Unicode text. La función UnescapeURLWithOffsetsImpl en net/base/escape.cc en Google Chrome anterior a 34.0.1847.116 no maneja debidamente los Internationalized Resource Identifiers (IRIs) bidireccionales, lo que facilita a atacant... • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-1724
https://notcve.org/view.php?id=CVE-2014-1724
09 Apr 2014 — Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatcher 0.7.1, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service (application hang) or possibly have unspecified other impact via a text-to-speech request. Vulnerabilidad de uso después de liberación en Free(b)soft Laboratory Speech Dispatcher 0.7.1, utilizado en Google Chrome anterior a 34.0.1847.116, permite a atacantes remotos causar una denegación de servicio (cuelgue de aplicación) o posib... • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html • CWE-399: Resource Management Errors •
CVSS: 6.5EPSS: 1%CPEs: 1EXPL: 0CVE-2014-1725
https://notcve.org/view.php?id=CVE-2014-1725
09 Apr 2014 — The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call. La función base64DecodeInternal en wtf/text/Base64.cpp en Blink, utilizado en Google Chrome anterior a 34.0.1847.116, no maneja debidamente cadenas de datos compuestas exclusivamente de caracteres en bla... • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2014-1726
https://notcve.org/view.php?id=CVE-2014-1726
09 Apr 2014 — The drag implementation in Google Chrome before 34.0.1847.116 allows user-assisted remote attackers to bypass the Same Origin Policy and forge local pathnames by leveraging renderer access. La implementación de arrastrar en Google Chrome anterior a 34.0.1847.116 permite a atacantes remotos asistidos por usuario evadir Same Origin Policy y falsificar nombres de ruta locales mediante el aprovechamiento de acceso de renderizador. • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html •