Lucene search

ChromeCVE-2014-7935

HistoryJan 22, 2015 - 10:59 p.m.

CVE-2014-7935

2015-01-2222:59:16

Chrome

web.nvd.nist.gov

cve-2014-7935

security

vulnerability

browser

google chrome

speech

remote attack

denial of service

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.4

Confidence

High

EPSS

0.01

Percentile

83.7%

JSON

Use-after-free vulnerability in browser/speech/tts_message_filter.cc in the Speech implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving utterances from a closed tab.

Affected configurations

Nvd

Node

googlechromeRange≤40.0.2214.85

VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	chrome	*	cpe:2.3:a:google:chrome::::::::

References

googlechromereleases.blogspot.com/2015/01/stable-update.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html

rhn.redhat.com/errata/RHSA-2015-0093.html

secunia.com/advisories/62383

secunia.com/advisories/62665

security.gentoo.org/glsa/glsa-201502-13.xml

www.securityfocus.com/bid/72288

www.securitytracker.com/id/1031623

code.google.com/p/chromium/issues/detail?id=402957

codereview.chromium.org/692203002

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

9.4

Confidence

High

EPSS

0.01

Percentile

83.7%

JSON

Related for CVE-2014-7935