CVSS: 7.5EPSS: 1%CPEs: 5EXPL: 0CVE-2014-1732
https://notcve.org/view.php?id=CVE-2014-1732
Use-after-free vulnerability in browser/ui/views/speech_recognition_bubble_views.cc in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux allows remote attackers to cause a denial of service or possibly have unspecified other impact via an INPUT element that triggers the presence of a Speech Recognition Bubble window for an incorrect duration. Vulnerabilidad de uso después de liberación en browser/ui/views/speech_recognition_bubble_views.cc en Google Chrome anterior a 34.0.1847.131 en Windows y OS X y anterior a 34.0.1847.132 en Linux permite a atacantes remotos causar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un elemento INPUT que provoca la presencia de una ventana Speech Recognition Bubble para una duración incorrecta. • http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html http://secunia.com/advisories/58301 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2920 https://code.google.com/p/chromium/issues/detail?id=352851 https://src.chromium.org/viewvc/chrome?revision=261737&view=revision • CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2014-1706
https://notcve.org/view.php?id=CVE-2014-1706
crosh in Google Chrome OS before 33.0.1750.152 allows attackers to inject commands via unspecified vectors. caída en Google Chrome OS anterior a 33.0.1750.152 permite a atacantes inyectar comandos a través de vectores no especificados. • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html https://code.google.com/p/chromium/issues/detail?id=351796 •
CVSS: 7.5EPSS: 6%CPEs: 9EXPL: 0CVE-2014-1705 – Google Chrome V8 Arbitrary Memory Read/Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2014-1705
Google V8, as used in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. Google V8, utilizado en Google Chrome anterior a 33.0.1750.152 en OS X y Linux y anterior a 33.0.1750.154 en Windows, permite a atacantes remotos causar una denegación de servicio (corrupción de memoria) o posiblemente tener otro impacto no especificado a través de vectores desconocidos. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of TypedArray objects. By carefully manipulating a TypedArray object an attacker can read and write data to any address. • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2883 https://code.google.com/p/chromium/issues/detail?id=351787 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0CVE-2014-1715 – Google Chrome Directory Traversal Sandbox Escape Vulnerability
https://notcve.org/view.php?id=CVE-2014-1715
Directory traversal vulnerability in Google Chrome before 33.0.1750.152 on OS X and Linux and before 33.0.1750.154 on Windows has unspecified impact and attack vectors. Vulnerabilidad de salto de directorio en Google Chrome anterior a 33.0.1750.152 en OS X y Linux y anterior a 33.0.1750.154 en Windows tiene vectores de impacto y ataque no especificados. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of directories. The issue lies in the failure to fully check for directory traversal attempts. • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_14.html http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2883 http://www.securityfocus.com/bid/66249 https://code.google.com/p/chromium/issues/detail?id=352429 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 0CVE-2014-1707
https://notcve.org/view.php?id=CVE-2014-1707
Directory traversal vulnerability in CrosDisks in Google Chrome OS before 33.0.1750.152 has unspecified impact and attack vectors. Vulnerabilidad de salto de directorio en CrosDisks en Google Chrome OS anterior a 33.0.1750.152 tiene vectores de impacto y ataque no especificados. • http://googlechromereleases.blogspot.com/2014/03/stable-channel-update-for-chrome-os_14.html https://code.google.com/p/chromium/issues/detail?id=351811 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •