CVSS: 8.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-1721 – Gentoo Linux Security Advisory 201408-16
https://notcve.org/view.php?id=CVE-2014-1721
09 Apr 2014 — Google V8, as used in Google Chrome before 34.0.1847.116, does not properly implement lazy deoptimization, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code, as demonstrated by improper handling of a heap allocation of a number outside the Small Integer (aka smi) range. Google V8, utilizado en Google Chrome anterior a 34.0.1847.116, no implementa debidamente la recomposición perezosa (lazy deoptimization), lo ... • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2014-1723 – Gentoo Linux Security Advisory 201408-16
https://notcve.org/view.php?id=CVE-2014-1723
09 Apr 2014 — The UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome before 34.0.1847.116 does not properly handle bidirectional Internationalized Resource Identifiers (IRIs), which makes it easier for remote attackers to spoof URLs via crafted use of right-to-left (RTL) Unicode text. La función UnescapeURLWithOffsetsImpl en net/base/escape.cc en Google Chrome anterior a 34.0.1847.116 no maneja debidamente los Internationalized Resource Identifiers (IRIs) bidireccionales, lo que facilita a atacant... • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 0%CPEs: 125EXPL: 0CVE-2014-1704 – v8: multiple vulnerabilities fixed in Google Chrome version 33.0.1750.149
https://notcve.org/view.php?id=CVE-2014-1704
16 Mar 2014 — Multiple unspecified vulnerabilities in Google V8 before 3.23.17.18, as used in Google Chrome before 33.0.1750.149, allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google V8 anterior a 3.23.17.18, utilizado en Google Chrome anterior a 33.0.1750.149, permiten a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. V8 is Google's open source JavaScri... • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html •
CVSS: 9.8EPSS: 1%CPEs: 107EXPL: 0CVE-2014-1703 – Gentoo Linux Security Advisory 201408-16
https://notcve.org/view.php?id=CVE-2014-1703
16 Mar 2014 — Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/renderer_host/websocket_dispatcher_host.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mechanism by leveraging an incorrect deletion in a certain failure case. Vulnerabilidad de uso después de liberación en la función WebSocketDispatcherHost::SendOrDrop en content/browser/renderer_host/websocket_dispatcher_host.cc en la ... • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html • CWE-399: Resource Management Errors •
CVSS: 6.1EPSS: 0%CPEs: 107EXPL: 0CVE-2014-1701 – Gentoo Linux Security Advisory 201408-16
https://notcve.org/view.php?id=CVE-2014-1701
16 Mar 2014 — The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS (UXSS) attacks via vectors involving events. La función GenerateFunction en bindings/scripts/code_generator_v8.pm en Blink, utilizado en Google Chrome anterior a 33.0.1750.149, no implementa cierta restricción cross-origin para la... • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.8EPSS: 1%CPEs: 107EXPL: 0CVE-2014-1700 – Gentoo Linux Security Advisory 201408-16
https://notcve.org/view.php?id=CVE-2014-1700
16 Mar 2014 — Use-after-free vulnerability in modules/speech/SpeechSynthesis.cpp in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of a certain utterance data structure. Vulnerabilidad de uso después de liberación en modules/speech/SpeechSynthesis.cpp en Blink, utilizado en Google Chrome anterior a 33.0.1750.149, permite a atacantes remotos causar una denegación de servicio o posiblemente ... • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html • CWE-399: Resource Management Errors •
CVSS: 8.8EPSS: 3%CPEs: 5EXPL: 0CVE-2014-1713 – Google Chrome Blink Use-After-Free Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1713
16 Mar 2014 — Use-after-free vulnerability in the AttributeSetter function in bindings/templates/attributes.cpp in the bindings in Blink, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving the document.location value. Vulnerabilidad de uso después de liberación en la función AttributeSetter en bindings/templates/attributes.cpp en los enlaces en Blink, utili... • http://archives.neohapsis.com/archives/bugtraq/2014-03/0144.html • CWE-416: Use After Free •
CVSS: 9.8EPSS: 6%CPEs: 9EXPL: 0CVE-2014-1705 – Google Chrome V8 Arbitrary Memory Read/Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1705
16 Mar 2014 — Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Google V8, utilizado en Google Chrome anterior a 33.0.1750.152 en OS X y Linux y anterior a 33.0.1750.154 en Windows, permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través d... • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-1715 – Google Chrome Directory Traversal Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2014-1715
16 Mar 2014 — Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors. Vulnerabilidad de salto de directorio en Google Chrome anterior a 33.0.1750.152 en OS X y Linux y anterior a 33.0.1750.154 en Windows tiene vectores de impacto y ataque no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit t... • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: 1%CPEs: 107EXPL: 0CVE-2014-1702 – Gentoo Linux Security Advisory 201408-16
https://notcve.org/view.php?id=CVE-2014-1702
16 Mar 2014 — Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThread function in modules/webdatabase/DatabaseThread.cpp in the web database implementation in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of scheduled tasks during shutdown of a thread. Vulnerabilidad de uso después de liberación en la función DatabaseThread::cleanupDatabaseThread en modules/webdatabase/D... • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html • CWE-399: Resource Management Errors •