CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2014-1719
https://notcve.org/view.php?id=CVE-2014-1719
Use-after-free vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function in content/worker/websharedworker_stub.cc in the Web Workers implementation in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact via vectors that trigger a SharedWorker termination during script loading. Vulnerabilidad de uso después de liberación en la función WebSharedWorkerStub::OnTerminateWorkerContext en content/worker/websharedworker_stub.cc en la implementación Web Workers en Google Chrome anterior a 34.0.1847.116 permite a atacantes remotos causar una denegación de servicio (corrupción de memoria dinámica) o posiblemente tener otro impacto no especificado a través de vectores que provocan una terminación de SharedWorker durante la carga de script. • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2905 https://code.google.com/p/chromium/issues/detail?id=343661 https://src.chromium.org/viewvc/chrome?revision=252010&view=revision • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2014-1727
https://notcve.org/view.php?id=CVE-2014-1727
Use-after-free vulnerability in content/renderer/renderer_webcolorchooser_impl.h in Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to forms. Vulnerabilidad de uso después de liberación en content/renderer/renderer_webcolorchooser_impl.h en Google Chrome anterior a 34.0.1847.116 permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de vectores relacionados con formularios. • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2905 https://code.google.com/p/chromium/issues/detail?id=342735 https://src.chromium.org/viewvc/chrome?revision=255276&view=revision • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 6%CPEs: 9EXPL: 0CVE-2014-1705 – Google Chrome V8 Arbitrary Memory Read/Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1705
Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Google V8, utilizado en Google Chrome anterior a 33.0.1750.152 en OS X y Linux y anterior a 33.0.1750.154 en Windows, permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TypedArray objects. By carefully manipulating a TypedArray object an attacker can read and write data to any address. • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2883 https://code.google.com/p/chromium/issues/detail?id=351787 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-1715 – Google Chrome Directory Traversal Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2014-1715
Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors. Vulnerabilidad de salto de directorio en Google Chrome anterior a 33.0.1750.152 en OS X y Linux y anterior a 33.0.1750.154 en Windows tiene vectores de impacto y ataque no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of directories. The issue lies in the failure to fully check for directory traversal attempts. • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2883 http://www.securityfocus.com/bid/66249 https://code.google.com/p/chromium/issues/detail?id=352429 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 1%CPEs: 107EXPL: 0CVE-2014-1703
https://notcve.org/view.php?id=CVE-2014-1703
Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/renderer_host/websocket_dispatcher_host.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mechanism by leveraging an incorrect deletion in a certain failure case. Vulnerabilidad de uso después de liberación en la función WebSocketDispatcherHost::SendOrDrop en content/browser/renderer_host/websocket_dispatcher_host.cc en la implementación Web Sockets en Google Chrome anterior a 33.0.1750.149 podría permitir a atacantes remotos evadir el mecanismo de protección sandbox mediante el aprovechamiento de una eliminación incorrecta en cierto caso de fallo. • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2883 http://www.securitytracker.com/id/1029914 https://code.google.com/p/chromium/issues/detail?id=338354 https://src.chromium.org/viewvc/chrome?revision=247627&view=revision • CWE-399: Resource Management Errors •