CVSS: 7.5EPSS: 1%CPEs: 82EXPL: 0CVE-2014-3171
https://notcve.org/view.php?id=CVE-2014-3171
Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations instead of HashMap set operations, related to bindings/core/v8/DOMWrapperMap.h and bindings/core/v8/SerializedScriptValue.cpp. Vulnerabilidad de uso después de liberación en los enlaces V8 en Blink, utilizado en Google Chrome anterior a 37.0.2062.94, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado mediante el aprovechamiento del uso indebido de operaciones de añadir HashMap en lugar de operaciones de configurar HashMap, relacionado con bindings/core/v8/DOMWrapperMap.h y bindings/core/v8/SerializedScriptValue.cpp. • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html http://secunia.com/advisories/60268 http://secunia.com/advisories/60424 http://secunia.com/advisories/61482 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/69406 http://www.securitytracker.com/id/1030767 https://crbug.com/390928 https://exchange. •
CVSS: 10.0EPSS: 6%CPEs: 82EXPL: 0CVE-2014-3177
https://notcve.org/view.php?id=CVE-2014-3177
Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3176. Google Chrome anterior a 37.0.2062.94 no maneja debidamente la interacción de las extensiones, IPC, la API sync, y Google V8, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-3176. • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html http://secunia.com/advisories/60268 http://secunia.com/advisories/61482 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/69404 http://www.securitytracker.com/id/1030767 https://crbug.com/386988 https://exchange.xforce.ibmcloud.com/vulnerabilities/95477 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 5.0EPSS: 1%CPEs: 82EXPL: 0CVE-2014-3174
https://notcve.org/view.php?id=CVE-2014-3174
modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service (read of uninitialized memory) via crafted API calls. modules/webaudio/BiquadDSPKernel.cpp en la implementación Web Audio API en Blink, utilizado en Google Chrome anterior a 37.0.2062.94, no considera debidamente los hilos concurrentes durante intentos de actualizar los coeficientes de filtros biquad, lo que permite a atacantes remotos causar una denegación de servicio (lectura de memoria no inicializada) a través de llamadas de API manipuladas. • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html http://secunia.com/advisories/60268 http://secunia.com/advisories/60424 http://secunia.com/advisories/61482 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/69407 http://www.securitytracker.com/id/1030767 https://crbug.com/389219 https://exchange. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 0%CPEs: 82EXPL: 0CVE-2014-3175
https://notcve.org/view.php?id=CVE-2014-3175
Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors, related to the load_truetype_glyph function in truetype/ttgload.c in FreeType and other functions in other components. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 37.0.2062.94 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores desconocidos, relacionado con la función load_truetype_glyph en truetype/ttgload.c en FreeType y otras funciones en otros componentes. • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html http://secunia.com/advisories/60268 http://secunia.com/advisories/60424 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/69402 http://www.securitytracker.com/id/1030767 https://code.google.com/p/chromium/issues/detail?id=149871 https://code.google. •
CVSS: 6.4EPSS: 0%CPEs: 82EXPL: 0CVE-2014-3170
https://notcve.org/view.php?id=CVE-2014-3170
extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character. extensions/common/url_pattern.cc en Google Chrome anterior a 37.0.2062.94 no previene el uso de un caracter '\0' en un nombre de anfitrión, lo que permite a atacantes remotos falsificar el dialogo del permiso de extensión mediante la dependencia en el truncado después de este caracter. • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html http://secunia.com/advisories/60268 http://secunia.com/advisories/61482 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/69400 http://www.securitytracker.com/id/1030767 https://crbug.com/390624 https://exchange.xforce.ibmcloud.com/vulnerabilities/95470 htt • CWE-264: Permissions, Privileges, and Access Controls •