CVSS: 7.8EPSS: 1%CPEs: 7EXPL: 0CVE-2015-1231 – chromium-browser: Various fixes from internal audits, fuzzing and other initiatives.
https://notcve.org/view.php?id=CVE-2015-1231
05 Mar 2015 — Multiple unspecified vulnerabilities in Google Chrome before 41.0.2272.76 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 41.0.2272.76 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. Several out-of-bounds write bugs were discovered in Skia. If a user were tricked in to opening a specially crafted website, an attack... • http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html •
CVSS: 9.8EPSS: 2%CPEs: 12EXPL: 0CVE-2014-7923 – ICU: regexp engine missing look-behind expression range check
https://notcve.org/view.php?id=CVE-2014-7923
22 Jan 2015 — The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression. El paquete Regular Expressions en International Components for Unicode (ICU) 52 anterior a la versión SVN 292944, como es usada en Google Chrome anterior a la versión 40.0.2214.91, permite a lo... • http://advisories.mageia.org/MGASA-2015-0047.html • CWE-17: DEPRECATED: Code CWE-122: Heap-based Buffer Overflow •
CVSS: 9.8EPSS: 2%CPEs: 12EXPL: 0CVE-2014-7926 – ICU: regexp engine incorrect handling of a zero length quantifier
https://notcve.org/view.php?id=CVE-2014-7926
22 Jan 2015 — The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a zero-length quantifier. El paquete Regular Expressions en International Components for Unicode (ICU) 52 anterior a la versión SVN 292944, como es usado en Google Chrome anterior a la versión 40.0.2214.91, permite a lo... • http://advisories.mageia.org/MGASA-2015-0047.html • CWE-17: DEPRECATED: Code CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 0%CPEs: 8EXPL: 0CVE-2014-7939 – chromium-browser: same-origin-bypass in V8
https://notcve.org/view.php?id=CVE-2014-7939
22 Jan 2015 — Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff" header. Google Chrome anterior aq 40.0.2214.91, cuando el proxy Harmony en Google V8 está habilitado, permite a atacantes remotos evadir Same Origin Policy a través de código JavaScript manipulado con llamadas Proxy.create y conso... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.5EPSS: 2%CPEs: 8EXPL: 0CVE-2014-7941 – chromium-browser: out-of-bounds read in UI
https://notcve.org/view.php?id=CVE-2014-7941
22 Jan 2015 — The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via crafted X11 data. La función SelectionOwner::ProcessTarget en ui/base/x/selection_owner.cc en la implementación UI en Google Chrome anterior a 40.0.2214.91 utiliza un tipo de datos incorrecto para cierto valor de longitud, lo que permi... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 2%CPEs: 10EXPL: 0CVE-2014-7942 – chromium-browser: uninitialized-value in Fonts
https://notcve.org/view.php?id=CVE-2014-7942
22 Jan 2015 — The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. La implementación Fuentes en Google Chrome anterior a 40.0.2214.91 no inicializa la memoria para una estructura de datos, lo que permite a atacantes remotos causar una denegación de servicio o la posibilidad de tener otro impacto sin especificar a través de vectores no conocidos... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-399: Resource Management Errors CWE-456: Missing Initialization of a Variable •
CVSS: 7.8EPSS: 1%CPEs: 10EXPL: 0CVE-2014-7943 – chromium-browser: out-of-bounds read in Skia
https://notcve.org/view.php?id=CVE-2014-7943
22 Jan 2015 — Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. Skia, utilizado en Google Chrome anterior a 40.0.2214.91, permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de vectores no especificados. Several memory corruption bugs were discovered in ICU. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a d... • http://googlechromereleases.blogspot.com/2015/01/stable-update.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •
CVSS: 10.0EPSS: 3%CPEs: 6EXPL: 0CVE-2014-3188 – v8: IPC and v8 issue fixed in Google Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3188
08 Oct 2014 — Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h. Google Chrome anterior a 38.0.2125.101 y Chrome OS anterior a 38.0.2125.101 no manejan debidamente la interacción de IPC y Google V8, lo que permite a atacantes remotos ejecutar código arbitrario a través de... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update-for-chrome-os.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3189 – chromium: OOB reads in PDFium fixed in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3189
08 Oct 2014 — The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via unknown vectors. La función chrome_pdf::CopyImage en pdf/draw_utils.cc en el componente PDFium en Google Chrome anterior a 38.0.2125.101 no valida debidamente las dimensiones de los datos de imágenes, lo que permite a ... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html • CWE-125: Out-of-bounds Read CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3190 – chromium: multiple security fixes in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3190
08 Oct 2014 — Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that accesses the path property of an Event object. Vulnerabilidad de uso después de liberación en la función Event::currentTarget en core/events/Event.cpp en Blink, utilizado en Google Chrome anterior a 38.0.2125.101, pe... • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html • CWE-416: Use After Free •