10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.043 Low
EPSS
Percentile
91.3%
Google Chrome Releases reports:
159 security fixes in this release, including 113 found using
MemorySanitizer:
[416449] Critical CVE-2014-3188: A special thanks to Jüri Aedla
for a combination of V8 and IPC bugs that can lead to remote code
execution outside of the sandbox.
[398384] High CVE-2014-3189: Out-of-bounds read in PDFium.
Credit to cloudfuzzer.
[400476] High CVE-2014-3190: Use-after-free in Events. Credit
to cloudfuzzer.
[402407] High CVE-2014-3191: Use-after-free in Rendering.
Credit to cloudfuzzer.
[403276] High CVE-2014-3192: Use-after-free in DOM. Credit to
cloudfuzzer.
[399655] High CVE-2014-3193: Type confusion in Session Management.
Credit to miaubiz.
[401115] High CVE-2014-3194: Use-after-free in Web Workers.
Credit to Collin Payne.
[403409] Medium CVE-2014-3195: Information Leak in V8. Credit
to Jüri Aedla.
[338538] Medium CVE-2014-3196: Permissions bypass in Windows
Sandbox. Credit to James Forshaw.
[396544] Medium CVE-2014-3197: Information Leak in XSS Auditor.
Credit to Takeshi Terada.
[415307] Medium CVE-2014-3198: Out-of-bounds read in PDFium.
Credit to Atte Kettunen of OUSPG.
[395411] Low CVE-2014-3199: Release Assert in V8 bindings.
Credit to Collin Payne.
[420899] CVE-2014-3200: Various fixes from internal audits,
fuzzing and other initiatives (Chrome 38).
Multiple vulnerabilities in V8 fixed at the tip of the 3.28
branch (currently 3.28.71.15).