CVE-2014-3176
https://notcve.org/view.php?id=CVE-2014-3176
Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177. Google Chrome anterior a 37.0.2062.94 no maneja debidamente la interacción de las extensiones, IPC, la API sync y Google V8, lo que permite a atacantes remotos ejecutar código arbitrario a través de vectores no especificados, una vulnerabilidad diferente a CVE-2014-3177. • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html http://secunia.com/advisories/60268 http://secunia.com/advisories/61482 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/69404 http://www.securitytracker.com/id/1030767 https://crbug.com/386988 https://exchange.xforce.ibmcloud.com/vulnerabilities/95476 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2014-3173
https://notcve.org/view.php?id=CVE-2014-3173
The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted CANVAS element, related to gpu/command_buffer/service/framebuffer_manager.cc and gpu/command_buffer/service/gles2_cmd_decoder.cc. La implementación WebGL en Google Chrome anterior a 37.0.2062.94 no asegura que llamadas claras interactúan debidamente con el estado de un buffer de dibujo, lo que permite a atacantes remotos causar una denegación de servicio (lectura de memoria no inicializada) a través de un elemento CANVAS manipulado, relacionado con gpu/command_buffer/service/framebuffer_manager.cc y gpu/command_buffer/service/gles2_cmd_decoder.cc. • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html http://secunia.com/advisories/60268 http://secunia.com/advisories/60424 http://secunia.com/advisories/61482 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/69403 http://www.securitytracker.com/id/1030767 https://crbug.com/376951 https://exchange. • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2014-3169
https://notcve.org/view.php?id=CVE-2014-3169
Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs before notification of node removal. Vulnerabilidad de uso después de liberación en core/dom/ContainerNode.cpp en la implementación DOM en Blink, utilizado en Google Chrome anterior a 37.0.2062.94, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado mediante el aprovechamiento de la ejecución de secuencias de comandos que ocurre antes de una notificación de la eliminación de nodos. • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html http://secunia.com/advisories/60268 http://secunia.com/advisories/60424 http://secunia.com/advisories/61482 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/69405 http://www.securitytracker.com/id/1030767 https://crbug.com/387389 https://exchange. •
CVE-2014-3172
https://notcve.org/view.php?id=CVE-2014-3172
The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL. La Api de extensión Debugger en browser/extensions/api/debugger/debugger_api.cc en Google Chrome anterior a 37.0.2062.94 no valida la URL de una pestaña antes de una operación de adjuntar, lo que permite a atacantes remotos evadir las limitaciones de acceso a través de una extensión que utiliza una URL restringida, como fue demostrado por una URL chrome://. • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html http://secunia.com/advisories/60268 http://secunia.com/advisories/61482 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/69401 http://www.securitytracker.com/id/1030767 https://crbug.com/367567 https://exchange.xforce.ibmcloud.com/vulnerabilities/95472 htt • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2014-3165
https://notcve.org/view.php?id=CVE-2014-3165
Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an unexpectedly long lifetime of a temporary object during method completion. Vulnerabilidad de uso después de liberación en modules/websockets/WorkerThreadableWebSocketChannel.cpp en la implementación Web Sockets en Blink, utilizado en Google Chrome anterior a 36.0.1985.143, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto a través de vectores que provocan un tiempo de vida inesperadamente largo de un objeto temporal durante el completado del método. • http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html http://secunia.com/advisories/59904 http://secunia.com/advisories/60798 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-3039 http://www.securityfocus.com/bid/69201 http://www.securitytracker.com/id/1030732 https://code.google.com/p/chromium/issues/detail?id=390174 https://exchange.xforce.ibmcloud.com/vulnerabilities/95247 https://src.chromium.org/viewvc/blink?revisio •