Lucene search

K

13 matches found

CVE
CVE
added 2014/08/27 1:55 a.m.82 views

CVE-2014-3177

Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3176.

10CVSS7.4AI score0.23379EPSS
CVE
CVE
added 2014/08/13 4:57 a.m.74 views

CVE-2014-3166

The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of ...

4.3CVSS5.6AI score0.00773EPSS
CVE
CVE
added 2014/08/13 4:57 a.m.73 views

CVE-2014-3167

Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

7.5CVSS6.8AI score0.00482EPSS
CVE
CVE
added 2014/08/27 1:55 a.m.67 views

CVE-2014-3168

Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation.

7.5CVSS7AI score0.01558EPSS
CVE
CVE
added 2014/08/27 1:55 a.m.67 views

CVE-2014-3176

Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177.

10CVSS7.4AI score0.23379EPSS
CVE
CVE
added 2014/08/27 1:55 a.m.65 views

CVE-2014-3171

Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations instead of HashMap set operations, related to b...

7.5CVSS7AI score0.01783EPSS
CVE
CVE
added 2014/08/13 4:57 a.m.64 views

CVE-2014-3165

Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger ...

7.5CVSS7AI score0.01215EPSS
CVE
CVE
added 2014/08/27 1:55 a.m.63 views

CVE-2014-3169

Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs before notification ...

7.5CVSS7.1AI score0.03248EPSS
CVE
CVE
added 2014/08/27 1:55 a.m.60 views

CVE-2014-3175

Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors, related to the load_truetype_glyph function in truetype/ttgload.c in FreeType and other functions in other components.

10CVSS6.9AI score0.02031EPSS
CVE
CVE
added 2014/08/27 1:55 a.m.59 views

CVE-2014-3173

The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted CANVAS element, related to gpu/command_buffer/ser...

5CVSS6AI score0.02166EPSS
CVE
CVE
added 2014/08/27 1:55 a.m.59 views

CVE-2014-3174

modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service (read of un...

5CVSS6AI score0.02166EPSS
CVE
CVE
added 2014/08/27 1:55 a.m.58 views

CVE-2014-3172

The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrat...

6.4CVSS6.1AI score0.0048EPSS
CVE
CVE
added 2014/08/27 1:55 a.m.49 views

CVE-2014-3170

extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character.

6.4CVSS5.9AI score0.00677EPSS