CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2014-1732
https://notcve.org/view.php?id=CVE-2014-1732
Use-after-free vulnerability in browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via an INPUT element that triggers the presence of a Speech Recognition Bubble window for an incorrect duration. Vulnerabilidad de uso después de liberación en browser/ui/views/speech_recognition_bubble_views.cc en Google Chrome anterior a 34.0.1847.131 en Windows y OS X y anterior a 34.0.1847.132 en Linux permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un elemento INPUT que provoca la presencia de una ventana Speech Recognition Bubble para una duración incorrecta. • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html http://secunia.com/advisories/58301 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2920 https://code.google.com/p/chromium/issues/detail?id=352851 https://src.chromium.org/viewvc/chrome?revision=261737&view=revision • CWE-416: Use After Free •
CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0CVE-2014-1730
https://notcve.org/view.php?id=CVE-2014-1730
Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc. Google V8, utilizado en Google Chrome anterior a 34.0.1847.131 en Windows y OS X y anterior a 34.0.1847.132 en Linux, no almacena debidamente metadatos de internacionalización, lo que permite a atacantes remotos evadir restricciones de acceso mediante el aprovechamiento de "confusión de tipo" y la lectura de valores de propiedad, relacionado con i18n.js y runtime.cc. • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html http://secunia.com/advisories/58301 http://secunia.com/advisories/60372 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2920 https://code.google.com/p/chromium/issues/detail?id=354967 https://code.google.com/p/v8/source/detail?r • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2014-1733
https://notcve.org/view.php?id=CVE-2014-1733
The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access. La función PointerCompare en codegen.cc en Seccomp-BPF, utilizado en Google Chrome anterior a 34.0.1847.131 en Windows y OS X y anterior a 34.0.1847.132 en Linux, no fusiona debidamente bloques, lo que podría permitir a atacantes remotos evadir restricciones sandbox mediante el aprovechamiento de acceso renderer. • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html http://secunia.com/advisories/58301 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2920 https://code.google.com/p/chromium/issues/detail?id=351103 https://src.chromium.org/viewvc/chrome?revision=260157&view=revision • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2014-1724
https://notcve.org/view.php?id=CVE-2014-1724
Use-after-free vulnerability in Free(b)soft Laboratory Speech Dispatcher 0.7.1, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service (application hang) or possibly have unspecified other impact via a text-to-speech request. Vulnerabilidad de uso después de liberación en Free(b)soft Laboratory Speech Dispatcher 0.7.1, utilizado en Google Chrome anterior a 34.0.1847.116, permite a atacantes remotos causar una denegación de servicio (cuelgue de aplicación) o posiblemente tener otro impacto a través de una solicitud text-to-speech. • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2905 https://code.google.com/p/chromium/issues/detail?id=327295 https://src.chromium.org/viewvc/chrome?revision=259109&view=revision • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2014-1720
https://notcve.org/view.php?id=CVE-2014-1720
Use-after-free vulnerability in the HTMLBodyElement::insertedInto function in core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving attributes. Vulnerabilidad de uso después de liberación en la función HTMLBodyElement::insertedInto en core/html/HTMLBodyElement.cpp en Blink, utilizado en Google Chrome anterior a 34.0.1847.116, permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores involucrando atributos. • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2905 https://code.google.com/p/chromium/issues/detail?id=356095 https://src.chromium.org/viewvc/blink?revision=170216&view=revision • CWE-399: Resource Management Errors •