CVE-2014-7924 – chromium-browser: use-after-free in IndexedDB
https://notcve.org/view.php?id=CVE-2014-7924
Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering duplicate BLOB references, related to content/browser/indexed_db/indexed_db_callbacks.cc and content/browser/indexed_db/indexed_db_dispatcher_host.cc. Vulnerabilidad de uso después de liberación en la implementación IndexedDB en Google Chrome anterior a 40.0.2214.91 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado mediante la provocación de referencias BLOB duplicadas, relacionado con content/browser/indexed_db/indexed_db_callbacks.cc y content/browser/indexed_db/indexed_db_dispatcher_host.cc. • http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.securityfocus.com/bid/72288 http://www.securitytracker.com/id/1031623 http://www.ubuntu.com/usn/USN-2476-1 https:/& • CWE-416: Use After Free •
CVE-2015-1205 – chromium-browser: multiple unspecified vulnerabilities
https://notcve.org/view.php?id=CVE-2015-1205
Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 40.0.2214.91 permite a atacantes causar una denegación de servicio o la posibilidad de tener otro impacto a través de vectores desconocidos • http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00001.html http://lists.apple.com/archives/security-announce/2015/Sep/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http:/ •
CVE-2014-7923 – ICU: regexp engine missing look-behind expression range check
https://notcve.org/view.php?id=CVE-2014-7923
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression. El paquete Regular Expressions en International Components for Unicode (ICU) 52 anterior a la versión SVN 292944, como es usada en Google Chrome anterior a la versión 40.0.2214.91, permite a los atacantes remotos generar una Denegación de Servicio (corrupción de la memoria) o posiblemente tener otros impactos no especificados por medio de vectores relacionados con una expresión look-behind. • http://advisories.mageia.org/MGASA-2015-0047.html http://bugs.icu-project.org/trac/ticket/11370 http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.oracle.com/technetwork/t • CWE-17: DEPRECATED: Code CWE-122: Heap-based Buffer Overflow •
CVE-2014-7940 – ICU: uninitialized value use in the collation component
https://notcve.org/view.php?id=CVE-2014-7940
The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted character sequence. La implementación collator en i18n/ucol.cpp en International Components for Unicode (ICU) 52 hasta la revisión SVN 293126, utilizada en Google Chrome anterior a 40.0.2214.91, no inicializa la memoria para una estructura de datos, lo que permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de una secuencia de caracteres manipulada. • http://advisories.mageia.org/MGASA-2015-0047.html http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62575 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www& • CWE-399: Resource Management Errors •
CVE-2014-7945 – chromium-browser: out-of-bounds read in PDFium
https://notcve.org/view.php?id=CVE-2014-7945
OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, and t2.c. OpenJPEG anterior a r2908, utilizado en PDFium en Google Chrome anterior a 40.0.2214.91, permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través dfe un documento PDF manipulado, relacionado con j2k.c, jp2.c, y t2.c. • http://googlechromereleases.blogspot.com/2015/01/stable-update.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://rhn.redhat.com/errata/RHSA-2015-0093.html http://secunia.com/advisories/62383 http://secunia.com/advisories/62665 http://security.gentoo.org/glsa/glsa-201502-13.xml http://www.securityfocus.com/bid/72288 http://www.securitytracker.com/id/1031623 https://code.google.com/p/chromium/issues/detail?id=414310 https://pdfium.googlesource.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •