Google Chrome vulnerabilities

CVE-2011-1795 [HIGH] CWE-189 CVE-2011-1795: Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in Integer underflow in the HTMLFormElement::removeFormElement function in html/HTMLFormElement.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document containing a FORM element.

CVE-2011-1796 [HIGH] CVE-2011-1796: Use-after-free vulnerability in the FrameView::calculateScrollbarModesForLayout function in page/Fra Use-after-free vulnerability in the FrameView::calculateScrollbarModesForLayout function in page/FrameView.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that calls the removeChild method during interaction

CVE-2011-1794 [HIGH] CWE-189 CVE-2011-1794: Integer overflow in the FilterEffect::copyImageBytes function in platform/graphics/filters/FilterEff Integer overflow in the FilterEffect::copyImageBytes function in platform/graphics/filters/FilterEffect.cpp in the SVG filter implementation in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted dimensions.

CVE-2014-7906 [HIGH] CWE-399 CVE-2014-7906: Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remot Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of the object's lifetime.

CVE-2014-7903 [HIGH] CWE-119 CVE-2014-7903: Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, al Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG image.

CVE-2014-7908 [HIGH] CWE-189 CVE-2014-7908: Multiple integer overflows in the CheckMov function in media/base/container_names.cc in Google Chrom Multiple integer overflows in the CheckMov function in media/base/container_names.cc in Google Chrome before 39.0.2171.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a large atom in (1) MPEG-4 or (2) QuickTime .mov data.

CVE-2014-7900 [HIGH] CWE-399 CVE-2014-7900: Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fp Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.

CVE-2014-7907 [HIGH] CWE-399 CVE-2014-7907: Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cp Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger improper handling of a detached frame, related to the (1) lock and (2) unlock

CVE-2014-7902 [HIGH] CWE-17 CVE-2014-7902: Use-after-free vulnerability in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote Use-after-free vulnerability in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.

CVE-2014-7904 [HIGH] CWE-119 CVE-2014-7904: Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to ca Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVE-2014-7901 [HIGH] CWE-189 CVE-2014-7901: Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2. Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long segment in a JPEG image.

CVE-2014-7910 [HIGH] CVE-2014-7910: Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2014-7905 [MEDIUM] CWE-284 CVE-2014-7905: Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended access restrictions via a crafted web site.

CVE-2014-7909 [MEDIUM] CWE-189 CVE-2014-7909: effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data.

CVE-2014-7899 [MEDIUM] CWE-20 CVE-2014-7899: Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blo Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string.

CVE-2014-3201 [MEDIUM] CWE-119 CVE-2014-3201: core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0. core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar.

CVE-2014-3188 [CRITICAL] CWE-94 CVE-2014-3188: Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the int Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h.

CVE-2014-3190 [HIGH] CWE-416 CVE-2014-3190: Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, Use-after-free vulnerability in the Event::currentTarget function in core/events/Event.cpp in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that accesses the path property of an Event object.

CVE-2014-3189 [HIGH] CWE-264 CVE-2014-3189: The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome bef The chrome_pdf::CopyImage function in pdf/draw_utils.cc in the PDFium component in Google Chrome before 38.0.2125.101 does not properly validate image-data dimensions, which allows remote attackers to cause a denial of service (out-of-bounds read) or possibly have unspecified other impact via unknown vectors.

CVE-2014-3194 [HIGH] CWE-416 CVE-2014-3194: Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 Use-after-free vulnerability in the Web Workers implementation in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.