CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3190 – chromium: multiple security fixes in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3190
Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that accesses the path property of an Event object. Vulnerabilidad de uso después de liberación en la función Event::currentTarget en core/events/Event.cpp en Blink, utilizado en Google Chrome anterior a 38.0.2125.101, permite a atacantes remotos causar una denegación de servicio (caída de la aplicación) o posiblemente tener otro impacto no especificado a través de código JavaScript manipulado que accede a la propiedad de ruta de un objeto Event. • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2014-1626.html http://www.securityfocus.com/bid/70273 https://crbug.com/400476 https://src.chromium.org/viewvc/blink?revision=181234&view=revision https://access.redhat.com/security/cve/CVE-2014-3190 https://bugzilla.redhat.com/show_bug.cgi?id=1151381 • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3189 – chromium: OOB reads in PDFium fixed in Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3189
The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via unknown vectors. La función chrome_pdf::CopyImage en pdf/draw_utils.cc en el componente PDFium en Google Chrome anterior a 38.0.2125.101 no valida debidamente las dimensiones de los datos de imágenes, lo que permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2014-1626.html http://www.securityfocus.com/bid/70273 https://codereview.chromium.org/519873002 https://crbug.com/398384 https://access.redhat.com/security/cve/CVE-2014-3189 https://bugzilla.redhat.com/show_bug.cgi?id=1151368 • CWE-125: Out-of-bounds Read CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 0%CPEs: 5EXPL: 0CVE-2014-3195 – v8: information leak fixed in Google Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3195
Google V8, as used in Google Chrome before 38.0.2125.101, does not properly track JavaScript heap-memory allocations as allocations of uninitialized memory and does not properly concatenate arrays of double-precision floating-point numbers, which allows remote attackers to obtain sensitive information via crafted JavaScript code, related to the PagedSpace::AllocateRaw and NewSpace::AllocateRaw functions in heap/spaces-inl.h, the LargeObjectSpace::AllocateRaw function in heap/spaces.cc, and the Runtime_ArrayConcat function in runtime.cc. Google V8, utilizado en Google Chrome anterior a 38.0.2125.101, no sigue debidamente las reservas de memoria dinámica JavaScript como reservas de memoria no inicializada y no concatena debidamnete los arrays de números de punto flotante y doble precisión, lo que permite a atacantes remotos obtener información sensible a través de código JavaScript manipulado, relacionado con las funciones PagedSpace::AllocateRaw y NewSpace::AllocateRaw en heap/spaces-inl.h, la función LargeObjectSpace::AllocateRaw en heap/spaces.cc, y la función Runtime_ArrayConcat en runtime.cc. • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2014-1626.html http://www.securityfocus.com/bid/70273 https://code.google.com/p/v8/source/detail?r=23144 https://code.google.com/p/v8/source/detail?r=23268 https://crbug.com/403409 https://access.redhat.com/security/cve/CVE-2014-3195 https://bugzilla.redhat.com/show_bug.cgi?id=1150849 • CWE-399: Resource Management Errors •
CVSS: 6.8EPSS: 0%CPEs: 55EXPL: 0CVE-2014-3187
https://notcve.org/view.php?id=CVE-2014-3187
Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site. Google Chrome anterior a 37.0.2062.60 y 38.x anterior a 38.0.2125.59 en iOS no restringe debidamente el procesamiento de las URLs (1) facetime:// y (2) facetime-audio://, lo que permite a atacantes remotos obtener datos de vídeo y audio de un dispositivo a través de un sitio web manipulado. • http://googlechromereleases.blogspot.com/2014/10/chrome-for-ios-update.html http://twitter.com/S9Labs/statuses/519576582742999043 https://code.google.com/p/chromium/issues/detail?id=413831 https://medium.com/section-9-lab/abusing-ios-url-handlers-on-messages-96979e8b12f5 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 4%CPEs: 6EXPL: 0CVE-2014-3188 – v8: IPC and v8 issue fixed in Google Chrome 38.0.2125.101
https://notcve.org/view.php?id=CVE-2014-3188
Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h. Google Chrome anterior a 38.0.2125.101 y Chrome OS anterior a 38.0.2125.101 no manejan debidamente la interacción de IPC y Google V8, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores que involucran datos JSON, realcionado con el análisis sintáctico indebido de un indice escapado por ParseJsonObject en json-parser.h. • http://googlechromereleases.blogspot.com/2014/10/stable-channel-update-for-chrome-os.html http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2014-1626.html https://code.google.com/p/v8/source/detail?r=24125 https://crbug.com/416449 https://access.redhat.com/security/cve/CVE-2014-3188 https://bugzilla.redhat.com/show_bug.cgi?id=1150848 • CWE-94: Improper Control of Generation of Code ('Code Injection') •