CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3197 – chromium: information leak in XSS Auditor fixed in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3197
The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site. La función NavigationScheduler::schedulePageBlock en core/loader/NavigationScheduler.cpp en Blink, utilizado en Google Chrome anterior a 38.0.2125.101, no proporciona debidamente los datos de sustitución para las páginas bloqueadas por el auditor de XSS, lo que permite a atacantes remotos obtener información sensible a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2014-1626.html http://www.securityfocus.com/bid/70273 https://crbug.com/396544 https://src.chromium.org/viewvc/blink?revision=179240&view=revision https://access.redhat.com/security/cve/CVE-2014-3197 https://bugzilla.redhat.com/show_bug.cgi?id=1151422 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3195 – v8: information leak fixed in Google Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3195
Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive information via crafted JavaScript code, related to the PagedSpace::AllocateRaw and NewSpace::AllocateRaw functions in heap/spaces-inl.h, the LargeObjectSpace::AllocateRaw function in heap/spaces.cc, and the Runtime_ArrayConcat function in runtime.cc. Google V8, utilizado en Google Chrome anterior a 38.0.2125.101, no sigue debidamente las reservas de memoria dinámica JavaScript como reservas de memoria no inicializada y no concatena debidamnete los arrays de números de punto flotante y doble precisión, lo que permite a atacantes remotos obtener información sensible a través de código JavaScript manipulado, relacionado con las funciones PagedSpace::AllocateRaw y NewSpace::AllocateRaw en heap/spaces-inl.h, la función LargeObjectSpace::AllocateRaw en heap/spaces.cc, y la función Runtime_ArrayConcat en runtime.cc. • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2014-1626.html http://www.securityfocus.com/bid/70273 https://code.google.com/p/v8/source/detail?r=23144 https://code.google.com/p/v8/source/detail?r=23268 https://crbug.com/403409 https://access.redhat.com/security/cve/CVE-2014-3195 https://bugzilla.redhat.com/show_bug.cgi?id=1150849 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3193 – chromium: multiple security fixes in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3193
The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors that leverage "type confusion" for callback processing. La función SessionService::GetLastSession en browser/sessions/session_service.cc en Google Chrome anterior a 38.0.2125.101 permite a atacantes remotos causar una denegación de servicio (uso después de liberación) o posiblemente tener otro impacto no especificado a través de vectores que aprovechan 'la confusión de tipos' para el procesamiento de la devolución de llamadas. • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2014-1626.html http://www.securityfocus.com/bid/70273 https://codereview.chromium.org/500143002 https://crbug.com/399655 https://access.redhat.com/security/cve/CVE-2014-3193 https://bugzilla.redhat.com/show_bug.cgi?id=1151381 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3189 – chromium: OOB reads in PDFium fixed in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3189
The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via unknown vectors. La función chrome_pdf::CopyImage en pdf/draw_utils.cc en el componente PDFium en Google Chrome anterior a 38.0.2125.101 no valida debidamente las dimensiones de los datos de imágenes, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2014-1626.html http://www.securityfocus.com/bid/70273 https://codereview.chromium.org/519873002 https://crbug.com/398384 https://access.redhat.com/security/cve/CVE-2014-3189 https://bugzilla.redhat.com/show_bug.cgi?id=1151368 • CWE-125: Out-of-bounds Read CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.8EPSS: 1%CPEs: 5EXPL: 0CVE-2014-3198 – chromium: OOB reads in PDFium fixed in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3198
The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. La función Instance::HandleInputEvent en pdf/instance.cc en el componente PDFium en Google Chrome anterior a 38.0.2125.101 interpreta cierto valor -1 como un indice en lugar de un código de error de página no visible, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2014-1626.html http://www.securityfocus.com/bid/70273 https://codereview.chromium.org/560133004 https://crbug.com/415307 https://access.redhat.com/security/cve/CVE-2014-3198 https://bugzilla.redhat.com/show_bug.cgi?id=1151368 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •