FreeBSDFD5F305D-2D3D-11E4-AA3D-00262D5ED8EEchromium -- multiple vulnerabilities
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.063 Low
EPSS
Percentile
92.8%
Google Chrome Releases reports:
50 security fixes in this release, including:
[386988] Critical CVE-2014-3176, CVE-2014-3177: A special reward
to lokihardt@asrt for a combination of bugs in V8, IPC, sync, and
extensions that can lead to remote code execution outside of the
sandbox.
[369860] High CVE-2014-3168: Use-after-free in SVG. Credit to
cloudfuzzer.
[387389] High CVE-2014-3169: Use-after-free in DOM. Credit to
Andrzej Dyjak.
[390624] High CVE-2014-3170: Extension permission dialog spoofing.
Credit to Rob Wu.
[390928] High CVE-2014-3171: Use-after-free in bindings. Credit to
cloudfuzzer.
[367567] Medium CVE-2014-3172: Issue related to extension debugging.
Credit to Eli Grey.
[376951] Medium CVE-2014-3173: Uninitialized memory read in WebGL.
Credit to jmuizelaar.
[389219] Medium CVE-2014-3174: Uninitialized memory read in Web
Audio. Credit to Atte Kettunen from OUSPG.
[406143] CVE-2014-3175: Various fixes from internal audits, fuzzing
and other initiatives (Chrome 37).
References
Related
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.063 Low
EPSS
Percentile
92.8%