CVSS: 7.5EPSS: 0%CPEs: 120EXPL: 0CVE-2014-3167
https://notcve.org/view.php?id=CVE-2014-3167
Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Múltiples vulnerabilidades no especificadas en Google Chrome anterior a 36.0.1985.143 permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos. • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html http://secunia.com/advisories/59904 http://secunia.com/advisories/60798 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/69203 http://www.securitytracker.com/id/1030732 https://code.google.com/p/chromium/issues/detail?id=400950 https://exchange.xforce.ibmcloud.com/vulnerabilities/95249 •
CVSS: 4.3EPSS: 0%CPEs: 10EXPL: 0CVE-2014-3166
https://notcve.org/view.php?id=CVE-2014-3166
The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names. La implementación Public Key Pinning (PKP) en Google Chrome anterior a 36.0.1985.143 en Windows, OS X, y Linux, y anterior a 36.0.1985.135 en Android, no considera correctamente las propiedades de las conexiones SPDY, lo que permite a atacantes remotos obtener información sensible mediante el aprovechamiento del uso de múltiples nombres de dominios. • http://googlechromereleases.blogspot.com/2014/08/chrome-for-android-update.html http://googlechromereleases.blogspot.com/2014/08/chrome-for-ios-update.html http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html http://secunia.com/advisories/59693 http://secunia.com/advisories/59904 http://secunia.com/advisories/60685 http://secunia.com/advisories/60798 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.ietf.or •
CVSS: 7.5EPSS: 0%CPEs: 101EXPL: 0CVE-2014-3161
https://notcve.org/view.php?id=CVE-2014-3161
The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream. La función WebMediaPlayerAndroid::load en content/renderer/media/android/webmediaplayer_android.cc en Google Chrome anterior a 36.0.1985.122 en Android no interactúa debidamente con las redirecciones, lo que permite a atacantes remotos evadir Same Origin Policy a través de un sitio web manipulado que hospeda un flujo de vídeo. • http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html https://code.google.com/p/chromium/issues/detail?id=334204 https://src.chromium.org/viewvc/chrome?revision=266396&view=revision • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 6.4EPSS: 0%CPEs: 101EXPL: 0CVE-2014-3159
https://notcve.org/view.php?id=CVE-2014-3159
The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors. La función WebContentsDelegateAndroid::OpenURLFromTab en components/web_contents_delegate_android/web_contents_delegate_android.cc en Google Chrome anterior a 36.0.1985.122 en Android no restringe debidamente la carga de URLs, lo que permite a atacantes remotos falsificar la URL en el Omnibox a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html https://code.google.com/p/chromium/issues/detail?id=352083 https://src.chromium.org/viewvc/chrome?revision=273865&view=revision • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 104EXPL: 0CVE-2014-3154
https://notcve.org/view.php?id=CVE-2014-3154
Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a Blink shutdown. Vulnerabilidad de uso después de liberación en la función ChildThread::Shutdown en content/child/child_thread.cc en la API del sistema de archivos en Google Chrome anterior a 35.0.1916.153 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores relacionados un apagado de Blink. • http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html http://secunia.com/advisories/58585 http://secunia.com/advisories/59090 http://secunia.com/advisories/60061 http://secunia.com/advisories/60372 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2959 http://www.securityfocus.com/bid/67977 https://code.google.com/p/chromium/issues/detail?id=369525 https://src.chromium.org/viewvc/blink?revision=173620&view=revision ht •