CVSS: 6.8EPSS: 3%CPEs: 1EXPL: 0CVE-2014-7909 – chromium-browser: Uninitialized memory read in Skia
https://notcve.org/view.php?id=CVE-2014-7909
effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data. effects/SkDashPathEffect.cpp en Skia, usado en Google Chrome anterior a 39.0.2171.65, calcula una clave de hash usando valores de enteros sin inicializar, lo que podría permitir a atacantes remotos causar una denegación de servicio mediante la renderización de datos manipulados. • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html http://rhn.redhat.com/errata/RHSA-2014-1894.html http://secunia.com/advisories/60194 http://secunia.com/advisories/62608 http://www.securityfocus.com/bid/71167 http://www.securitytracker.com/id/1031241 https://code.google.com/p/chromium/issues/detail?id=391001 https://exchange.xforce.ibmcloud.com/vulnerabilities/98797 https://skia.googlesource.com/skia/+/1c577cd3ee331944b9061ee0eec147b211ee563c https://access.redhat. • CWE-189: Numeric Errors •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2014-7900
https://notcve.org/view.php?id=CVE-2014-7900
Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. Una vulnerabilidad de uso después de liberación en la función CPDF_Parser::IsLinearizedFile ubicada en fpdfapi/fpdf_parser/fpdf_parser_parser.cpp en PDFium, usada en Google Chrome anterior 39.0.2171.65, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un documento PDF manipulado. • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html http://www.securityfocus.com/bid/71163 http://www.securitytracker.com/id/1031241 https://code.google.com/p/chromium/issues/detail?id=406868 https://exchange.xforce.ibmcloud.com/vulnerabilities/98788 https://pdfium.googlesource.com/pdfium/+/1b04ea3b0fbae3be3ae6b3824c5e0dadc0e73d44 • CWE-399: Resource Management Errors •
CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2014-7899 – chromium-browser: Address bar spoofing
https://notcve.org/view.php?id=CVE-2014-7899
Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string. Google Chrome anterior a 38.0.2125.101 permite a atacantes remotos falsificar la barra de direcciones mediante la colocación de un blob, es decir, una subcadena al principio de la dirección URL, seguido por el esquema original URI y una cadena con un largo nombre de usuario. • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html http://rhn.redhat.com/errata/RHSA-2014-1894.html http://secunia.com/advisories/60194 http://www.securityfocus.com/bid/71160 http://www.securitytracker.com/id/1031241 https://code.google.com/p/chromium/issues/detail?id=389734 https://exchange.xforce.ibmcloud.com/vulnerabilities/98787 https://src.chromium.org/viewvc/chrome?revision=279232&view=revision https://access.redhat.com/security/cve/CVE-2014-7899 https:& • CWE-20: Improper Input Validation CWE-451: User Interface (UI) Misrepresentation of Critical Information •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2014-7907 – chromium-browser: Use-after-free in blink
https://notcve.org/view.php?id=CVE-2014-7907
Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger improper handling of a detached frame, related to the (1) lock and (2) unlock methods. Múltiples vulnerabilidades de uso después de liberación en modules/screen_orientation/ScreenOrientationController.cpp en Blink, usado en Google Chrome anterior a 39.0.2171.65, permiten a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores que provocan una manipulación incorrecta de una trama individual, relacionada con los métodos de (1) bloqueo y (2) desbloqueo. • http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html http://rhn.redhat.com/errata/RHSA-2014-1894.html http://secunia.com/advisories/60194 http://secunia.com/advisories/62608 http://www.securityfocus.com/bid/71170 http://www.securitytracker.com/id/1031241 https://code.google.com/p/chromium/issues/detail?id=424453 https://exchange.xforce.ibmcloud.com/vulnerabilities/98795 https://src.chromium.org/viewvc/blink?revision=184185&view=revision https://access.redhat.co • CWE-399: Resource Management Errors CWE-416: Use After Free •
CVSS: 5.0EPSS: 0%CPEs: 1EXPL: 0CVE-2014-3201
https://notcve.org/view.php?id=CVE-2014-3201
core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar. core/rendering/compositing/RenderLayerCompositor.cpp en Blink, utilizado en Google Chrome anterior a 38.0.2125.102 en Android, no maneja debidamente cierta condición de desbordamiento de IFRAME, lo que permite a atacantes remotos falsificar contenido a través de un sitio web manipulado que interfiere con la barra de desplazamiento. • http://googlechromereleases.blogspot.com/2014/10/chrome-for-android-update.html https://crbug.com/406593 https://src.chromium.org/viewvc/blink?revision=182021&view=revision • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •