CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2014-7907 – chromium-browser: Use-after-free in blink
https://notcve.org/view.php?id=CVE-2014-7907
Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger improper handling of a detached frame, related to the (1) lock and (2) unlock methods. Múltiples vulnerabilidades de uso después de liberación en modules/screen_orientation/ScreenOrientationController.cpp en Blink, usado en Google Chrome anterior a 39.0.2171.65, permiten a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores que provocan una manipulación incorrecta de una trama individual, relacionada con los métodos de (1) bloqueo y (2) desbloqueo. • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html http://rhn.redhat.com/errata/RHSA-2014-1894.html http://secunia.com/advisories/60194 http://secunia.com/advisories/62608 http://www.securityfocus.com/bid/71170 http://www.securitytracker.com/id/1031241 https://code.google.com/p/chromium/issues/detail?id=424453 https://exchange.xforce.ibmcloud.com/vulnerabilities/98795 https://src.chromium.org/viewvc/blink?revision=184185&view=revision https://access.redhat.co • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3201
https://notcve.org/view.php?id=CVE-2014-3201
core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar. core/rendering/compositing/RenderLayerCompositor.cpp en Blink, utilizado en Google Chrome anterior a 38.0.2125.102 en Android, no maneja debidamente cierta condición de desbordamiento de IFRAME, lo que permite a atacantes remotos falsificar contenido a través de un sitio web manipulado que interfiere con la barra de desplazamiento. • http://googlechromereleases.blogspot.com/2014/10/chrome-for-android-update.html https://crbug.com/406593 https://src.chromium.org/viewvc/blink?revision=182021&view=revision • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 0%CPEs: 55EXPL: 0CVE-2014-3187
https://notcve.org/view.php?id=CVE-2014-3187
Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site. Google Chrome anterior a 37.0.2062.60 y 38.x anterior a 38.0.2125.59 en iOS no restringe debidamente el procesamiento de las URLs (1) facetime:// y (2) facetime-audio://, lo que permite a atacantes remotos obtener datos de vídeo y audio de un dispositivo a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2014/10/chrome-for-ios-update.html http://twitter.com/S9Labs/statuses/519576582742999043 https://code.google.com/p/chromium/issues/detail?id=413831 https://medium.com/section-9-lab/abusing-ios-url-handlers-on-messages-96979e8b12f5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 4%CPEs: 6EXPL: 0CVE-2014-3188 – v8: IPC and v8 issue fixed in Google Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3188
Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h. Google Chrome anterior a 38.0.2125.101 y Chrome OS anterior a 38.0.2125.101 no manejan debidamente la interacción de IPC y Google V8, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores que involucran datos JSON, realcionado con el análisis sintáctico indebido de un indice escapado por ParseJsonObject en json-parser.h. • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update-for-chrome-os.html http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2014-1626.html https://code.google.com/p/v8/source/detail?r=24125 https://crbug.com/416449 https://access.redhat.com/security/cve/CVE-2014-3188 https://bugzilla.redhat.com/show_bug.cgi?id=1150848 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.8EPSS: 1%CPEs: 5EXPL: 0CVE-2014-3198 – chromium: OOB reads in PDFium fixed in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3198
The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. La función Instance::HandleInputEvent en pdf/instance.cc en el componente PDFium en Google Chrome anterior a 38.0.2125.101 interpreta cierto valor -1 como un indice en lugar de un código de error de página no visible, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2014-1626.html http://www.securityfocus.com/bid/70273 https://codereview.chromium.org/560133004 https://crbug.com/415307 https://access.redhat.com/security/cve/CVE-2014-3198 https://bugzilla.redhat.com/show_bug.cgi?id=1151368 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •