CVSS: 9.8EPSS: 1%CPEs: 5EXPL: 0CVE-2014-1714 – Google Chrome Clipboard Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2014-1714
16 Mar 2014 — The ScopedClipboardWriter::WritePickledData function in ui/base/clipboard/scoped_clipboard_writer.cc in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows does not verify a certain format value, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the clipboard. La función ScopedClipboardWriter::WritePickledData en ui/base/clipboard/scoped_clipboard_writer.cc en Google Chrome anterior a 33.0.1750.152... • http://archives.neohapsis.com/archives/bugtraq/2014-03/0143.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 125EXPL: 0CVE-2014-1704 – v8: multiple vulnerabilities fixed in Google Chrome version 33.0.1750.149
https://notcve.org/view.php?id=CVE-2014-1704
16 Mar 2014 — Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, as used in Google Chrome before 33.0.1750.149, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 anterior a 3.23.17.18, utilizado en Google Chrome anterior a 33.0.1750.149, permiten a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. V8 is Google's open source JavaScri... • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html •
CVSS: 9.8EPSS: 1%CPEs: 107EXPL: 0CVE-2014-1703 – Gentoo Linux Security Advisory 201408-16
https://notcve.org/view.php?id=CVE-2014-1703
16 Mar 2014 — Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/renderer_host/websocket_dispatcher_host.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mechanism by leveraging an incorrect deletion in a certain failure case. Vulnerabilidad de uso después de liberación en la función WebSocketDispatcherHost::SendOrDrop en content/browser/renderer_host/websocket_dispatcher_host.cc en la ... • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 107EXPL: 0CVE-2014-1701 – Gentoo Linux Security Advisory 201408-16
https://notcve.org/view.php?id=CVE-2014-1701
16 Mar 2014 — The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS (UXSS) attacks via vectors involving events. La función GenerateFunction en bindings/scripts/code_generator_v8.pm en Blink, utilizado en Google Chrome anterior a 33.0.1750.149, no implementa cierta restricción cross-origin para la... • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 107EXPL: 0CVE-2014-1700 – Gentoo Linux Security Advisory 201408-16
https://notcve.org/view.php?id=CVE-2014-1700
16 Mar 2014 — Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of a certain utterance data structure. Vulnerabilidad de uso después de liberación en modules/speech/SpeechSynthesis.cpp en Blink, utilizado en Google Chrome anterior a 33.0.1750.149, permite a atacantes remotos causar una denegación de servicio o posiblemente ... • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html • CWE-399: Resource Management Errors •
CVSS: 8.1EPSS: 0%CPEs: 106EXPL: 0CVE-2013-6666 – Gentoo Linux Security Advisory 201403-01
https://notcve.org/view.php?id=CVE-2013-6666
05 Mar 2014 — The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepper_flash_renderer_host.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing (CORS) simple headers before proceeding with a PPB_Flash.Navigate operation, which might allow remote attackers to bypass intended CORS restrictions via an inappropriate header. La función PepperFlashRendererHost::OnNavigate en renderer/pepper/pepper_flash_renderer_host.cc en Google Chrome anterior a 33.0.17... • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 1%CPEs: 106EXPL: 0CVE-2013-6667 – Gentoo Linux Security Advisory 201403-01
https://notcve.org/view.php?id=CVE-2013-6667
05 Mar 2014 — Multiple unspecified vulnerabilities in Google Chrome before 33.0.1750.146 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 33.0.1750.146 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. Multiple vulnerabilities have been reported in Chromium and V8, worst of which may allow execution of arbitrary code. Versions less... • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html •
CVSS: 8.8EPSS: 1%CPEs: 145EXPL: 1CVE-2013-6668 – v8: multiple vulnerabilities fixed in Google Chrome version 33.0.1750.146
https://notcve.org/view.php?id=CVE-2013-6668
05 Mar 2014 — Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Google Chrome before 33.0.1750.146, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 anterior a 3.24.35.10, utilizado en Google Chrome anterior a 33.0.1750.146, permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. A memory corruption vulnerability, which re... • https://github.com/sdneon/CveTest •
CVSS: 8.8EPSS: 0%CPEs: 106EXPL: 0CVE-2013-6665 – Gentoo Linux Security Advisory 201403-01
https://notcve.org/view.php?id=CVE-2013-6665
05 Mar 2014 — Heap-based buffer overflow in the ResourceProvider::InitializeSoftware function in cc/resources/resource_provider.cc in Google Chrome before 33.0.1750.146 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a large texture size that triggers improper memory allocation in the software renderer. Desbordamiento de buffer basado en memoria dinámica en la función ResourceProvider::InitializeSoftware en cc/resources/resource_provider.cc en Google Chrome anterior a 33... • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 106EXPL: 0CVE-2013-6664 – Gentoo Linux Security Advisory 201403-01
https://notcve.org/view.php?id=CVE-2013-6664
05 Mar 2014 — Use-after-free vulnerability in the FormAssociatedElement::formRemovedFromTree function in core/html/FormAssociatedElement.cpp in Blink, as used in Google Chrome before 33.0.1750.146, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving FORM elements, as demonstrated by use of the speech-recognition feature. Vulnerabilidad de uso después de liberación en la función FormAssociatedElement::formRemovedFromTree en core/html/FormAssociatedElement.cp... • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html • CWE-399: Resource Management Errors •