CVSS: 5.0EPSS: 3%CPEs: 104EXPL: 0CVE-2014-3155
https://notcve.org/view.php?id=CVE-2014-3155
net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance. net/spdy/spdy_write_queue.cc en la implementación SPDY en Google Chrome anterior a 35.0.1916.153 permite a atacantes remotos causar una denegación de servicio (lectura fuera de rango) mediante el aprovechamiento del mantenimiento incorrecto de colas. • http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html http://secunia.com/advisories/58585 http://secunia.com/advisories/59090 http://secunia.com/advisories/60061 http://secunia.com/advisories/60372 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2959 http://www.securityfocus.com/bid/67980 https://code.google.com/p/chromium/issues/detail?id=369539 https://src.chromium.org/viewvc/chrome?revision=267984&view=revision h •
CVSS: 7.5EPSS: 1%CPEs: 104EXPL: 0CVE-2014-3156
https://notcve.org/view.php?id=CVE-2014-3156
Buffer overflow in the clipboard implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unexpected bitmap data, related to content/renderer/renderer_clipboard_client.cc and content/renderer/webclipboard_impl.cc. Desbordamiento de buffer en la implementación de portapapeles en Google Chrome anterior a 35.0.1916.153 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores que provocan datos no esperados de mapa de bits, relacionado con content/renderer/renderer_clipboard_client.cc y content/renderer/webclipboard_impl.cc. • http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html http://secunia.com/advisories/58585 http://secunia.com/advisories/59090 http://secunia.com/advisories/60061 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2959 http://www.securityfocus.com/bid/67981 https://code.google.com/p/chromium/issues/detail?id=369621 https://src.chromium.org/viewvc/chrome?revision=271730&view=revision • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 104EXPL: 0CVE-2014-3157
https://notcve.org/view.php?id=CVE-2014-3157
Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging VideoFrame data structures that are too small for proper interaction with an underlying FFmpeg library. Desbordamiento de buffer basado en memoria dinámica en la función FFmpegVideoDecoder::GetVideoBuffer en media/filters/ffmpeg_video_decoder.cc en Google Chrome anterior a 35.0.1916.153 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado mediante el aprovechamiento de estructuras de datos VideoFrame que son demasiado pequeñas para la interacción debida con una libraría FFmpeg subyacente. • http://googlechromereleases.blogspot.com/2014/06/stable-channel-update.html http://secunia.com/advisories/58585 http://secunia.com/advisories/59090 http://secunia.com/advisories/60061 http://secunia.com/advisories/60372 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2959 http://www.securityfocus.com/bid/67972 https://code.google.com/p/chromium/issues/detail?id=368980 https://src.chromium.org/viewvc/chrome?revision=268831&view=revision • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 2%CPEs: 80EXPL: 2CVE-2014-3803
https://notcve.org/view.php?id=CVE-2014-3803
The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute. La funcionalidad SpeechInput en Blink, utilizado en Google Chrome anterior a 35.0.1916.114, permite a atacantes remotos habilitar acceso a micrófono y obtener texto de reconocimiento de voz sin indicación a través de un elemento INPUT con un atributo -x-webkit-speech. • http://blog.guya.net/2014/04/07/to-listen-without-consent-abusing-the-html5-speech http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html http://secunia.com/advisories/60372 http://www.securityfocus.com/bid/67582 https://code.google.com/p/chromium/issues/detail?id=360448 https://src.chromium.org/viewvc/blink?revision=171373&view=revision • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 1%CPEs: 112EXPL: 0CVE-2014-3152
https://notcve.org/view.php?id=CVE-2014-3152
Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value. Desbordamiento de enteros en la función LCodeGen::PrepareKeyedOperand en arm/lithium-codegen-arm.cc en Google V8 anterior a 3.25.28.16, utilizado en Google Chrome anterior a 35.0.1916.114, permite a atacantes remotos causar una denegación de servicios o posiblemente tener otro impacto no especificado a través de vectores que provocan un valor de clave negativo. • http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157338.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157357.html http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157363.html http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html http://secunia.com/advisories/58920 http://secunia.com/advisories/59155 http://secunia.com/advisories/60372 http://www.de • CWE-189: Numeric Errors •