FreeBSDD2BBCC01-4EC3-11E4-AB3F-00262D5ED8EEchromium -- multiple vulnerabilities
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.043 Low
EPSS
Percentile
91.3%
Google Chrome Releases reports:
159 security fixes in this release, including 113 found using
MemorySanitizer:
[416449] Critical CVE-2014-3188: A special thanks to Jüri Aedla
for a combination of V8 and IPC bugs that can lead to remote code
execution outside of the sandbox.
[398384] High CVE-2014-3189: Out-of-bounds read in PDFium.
Credit to cloudfuzzer.
[400476] High CVE-2014-3190: Use-after-free in Events. Credit
to cloudfuzzer.
[402407] High CVE-2014-3191: Use-after-free in Rendering.
Credit to cloudfuzzer.
[403276] High CVE-2014-3192: Use-after-free in DOM. Credit to
cloudfuzzer.
[399655] High CVE-2014-3193: Type confusion in Session Management.
Credit to miaubiz.
[401115] High CVE-2014-3194: Use-after-free in Web Workers.
Credit to Collin Payne.
[403409] Medium CVE-2014-3195: Information Leak in V8. Credit
to Jüri Aedla.
[338538] Medium CVE-2014-3196: Permissions bypass in Windows
Sandbox. Credit to James Forshaw.
[396544] Medium CVE-2014-3197: Information Leak in XSS Auditor.
Credit to Takeshi Terada.
[415307] Medium CVE-2014-3198: Out-of-bounds read in PDFium.
Credit to Atte Kettunen of OUSPG.
[395411] Low CVE-2014-3199: Release Assert in V8 bindings.
Credit to Collin Payne.
[420899] CVE-2014-3200: Various fixes from internal audits,
fuzzing and other initiatives (Chrome 38).
Multiple vulnerabilities in V8 fixed at the tip of the 3.28
branch (currently 3.28.71.15).
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.043 Low
EPSS
Percentile
91.3%