CVE-2014-7899 – chromium-browser: Address bar spoofing
https://notcve.org/view.php?id=CVE-2014-7899
Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string. Google Chrome anterior a 38.0.2125.101 permite a atacantes remotos falsificar la barra de direcciones mediante la colocación de un blob, es decir, una subcadena al principio de la dirección URL, seguido por el esquema original URI y una cadena con un largo nombre de usuario. • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html http://rhn.redhat.com/errata/RHSA-2014-1894.html http://secunia.com/advisories/60194 http://www.securityfocus.com/bid/71160 http://www.securitytracker.com/id/1031241 https://code.google.com/p/chromium/issues/detail?id=389734 https://exchange.xforce.ibmcloud.com/vulnerabilities/98787 https://src.chromium.org/viewvc/chrome?revision=279232&view=revision https://access.redhat.com/security/cve/CVE-2014-7899 https:& • CWE-20: Improper Input Validation CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVE-2014-7904 – chromium-browser: Buffer overflow in Skia
https://notcve.org/view.php?id=CVE-2014-7904
Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. Desbordamiento de buffer en Skia, utilizado en Google Chrome anterior a 39.0.2171.65, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html http://rhn.redhat.com/errata/RHSA-2014-1894.html http://secunia.com/advisories/60194 http://secunia.com/advisories/62608 http://www.securityfocus.com/bid/71166 http://www.securitytracker.com/id/1031241 https://code.google.com/p/chromium/issues/detail?id=418161 https://exchange.xforce.ibmcloud.com/vulnerabilities/98792 https://access.redhat.com/security/cve/CVE-2014-7904 https://bugzilla.redhat.com/show_ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-7908 – chromium-browser: Integer overflow in media
https://notcve.org/view.php?id=CVE-2014-7908
Multiple integer overflows in the CheckMov function in media/base/container_names.cc in Google Chrome before 39.0.2171.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a large atom in (1) MPEG-4 or (2) QuickTime .mov data. Múltiples desbordamientos de enteros en la función CheckMov ubicada en media/base/container_names.cc en Google Chorme anterior a 39.0.2171.65 permiten a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un atomo grande en (1) MPEG-4 o (2) QuickTime.mov. • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html http://rhn.redhat.com/errata/RHSA-2014-1894.html http://secunia.com/advisories/60194 http://secunia.com/advisories/62608 http://www.securityfocus.com/bid/71168 http://www.securitytracker.com/id/1031241 https://chromium.googlesource.com/chromium/src/+/b2006ac87cec58363090e7d5e10d5d9e3bbda9f9 https://code.google.com/p/chromium/issues/detail?id=425980 https://exchange.xforce.ibmcloud.com/vulnerabilities/98796 https://acce • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2014-7903
https://notcve.org/view.php?id=CVE-2014-7903
Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG image. Desbordamiento de buffer en OpenJPEG anterior a r2911 en PDFium, usado en Google Chrome anterior a 39.0.2171.65, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto a través de una imagen JPEG manipulada. • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html http://www.securityfocus.com/bid/71164 http://www.securitytracker.com/id/1031241 https://code.google.com/p/chromium/issues/detail?id=414525 https://exchange.xforce.ibmcloud.com/vulnerabilities/98791 https://pdfium.googlesource.com/pdfium/+/4dc95e74e1acc75f4eab08bc771874cd2a9c3a9b • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-7901
https://notcve.org/view.php?id=CVE-2014-7901
Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long segment in a JPEG image. Desbordamiento de enteros en la función opj_t2_read_packer en fxcodec/fx_ligopenjpeg/libopenjpeg20/t2.c en OpenJPEG en PDFium, usado en Google Chrome anterior a 39.0.2171.65, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un segmento largo en una imagen JPEG. • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html http://www.securityfocus.com/bid/71158 http://www.securitytracker.com/id/1031241 https://code.google.com/p/chromium/issues/detail?id=413375 https://exchange.xforce.ibmcloud.com/vulnerabilities/98789 https://pdfium.googlesource.com/pdfium/+/e93d5341d87c54713a9632c8823288fa901a3b78 • CWE-189: Numeric Errors •