7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.096 Low
EPSS
Percentile
94.2%
CVE-2014-7899 (address bar spoofing)
A flaw allows remote attackers to spoof the address bar by placing a
blob: substring at the beginning of the URL, followed by the original
URI scheme and a long username string.
CVE-2014-7900 (use-after-free)
Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile
function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via a crafted PDF document.
CVE-2014-7901 (integer overflow)
Integer overflow in the opj_t2_read_packet_data function in
fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium allows
remote attackers to cause a denial of service or possibly have
unspecified other impact via a long segment in a JPEG image.
CVE-2014-7902 (use-after-free)
Use-after-free vulnerability in PDFium allows remote attackers to cause
a denial of service or possibly have unspecified other impact via a
crafted PDF document.
CVE-2014-7903 (buffer overflow)
Buffer overflow in OpenJPEG before r2911 in PDFium allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via a crafted JPEG image.
CVE-2014-7904 (buffer overflow)
Buffer overflow in Skia allows remote attackers to cause a denial of
service or possibly have unspecified other impact via unknown vectors.
CVE-2014-7906 (use-after-free)
Use-after-free vulnerability in the Pepper plugins allows remote
attackers to cause a denial of service or possibly have unspecified
other impact via crafted Flash content that triggers an attempted
PepperMediaDeviceManager access outside of the object’s lifetime.
CVE-2014-7907 (use-after-free)
Multiple use-after-free vulnerabilities in
modules/screen_orientation/ScreenOrientationController.cpp in Blink
allow remote attackers to cause a denial of service or possibly have
unspecified other impact via vectors that trigger improper handling of a
detached frame, related to the (1) lock and (2) unlock methods.
CVE-2014-7908 (integer overflow)
Multiple integer overflows in the CheckMov function in
media/base/container_names.cc allow remote attackers to cause a denial
of service or possibly have unspecified other impact via a large atom in
(1) MPEG-4 or (2) QuickTime .mov data.
CVE-2014-7909 (uninitialized memory read)
A flaw in effects/SkDashPathEffect.cpp in Skia computes a hash key using
uninitialized integer values, which might allow remote attackers to
cause a denial of service by rendering crafted data.
CVE-2014-7910 (various issues)
Various issues from internal audits, fuzzing and other initiatives that
allow attackers to cause a denial of service or possibly have other impact.
googlechromereleases.blogspot.in/2014/11/stable-channel-update_18.html
www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7899
www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7900
www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7901
www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7902
www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7903
www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7904
www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7906
www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7907
www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7908
www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7909
www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-7910