Google Chrome vulnerabilities

CVE-2014-3173 [MEDIUM] CWE-119 CVE-2014-3173: The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls inter The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted CANVAS element, related to gpu/command_buffer/service/framebuffer_manager.cc and gpu/command_buffer/ser

CVE-2014-3174 [MEDIUM] CWE-119 CVE-2014-3174: modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service (read of uninitialized memory) via crafted API calls.

CVE-2014-3172 [MEDIUM] CWE-264 CVE-2014-3172: The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome befor The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL.

CVE-2014-3170 [MEDIUM] CWE-264 CVE-2014-3170: extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character.

CVE-2014-3167 [HIGH] CVE-2014-3167: Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2014-3165 [HIGH] CVE-2014-3165: Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web S Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an unexpectedly long lifetime of a temporary object during metho

CVE-2014-3166 [MEDIUM] CVE-2014-3166: The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names.

CVE-2014-3161 [HIGH] CWE-264 CVE-2014-3161: The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream.

CVE-2014-3162 [MEDIUM] CVE-2014-3162: Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

CVE-2014-3160 [MEDIUM] CWE-264 CVE-2014-3160: The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Goog The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file.

CVE-2014-3159 [MEDIUM] CWE-20 CVE-2014-3159: The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/ The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors.

CVE-2014-3154 [HIGH] CVE-2014-3154: Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a Blink shutdown.

CVE-2014-3157 [HIGH] CWE-119 CVE-2014-3157: Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpe Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging VideoFrame data structures that are too small for proper interaction with an underlying F

CVE-2014-3156 [HIGH] CWE-119 CVE-2014-3156: Buffer overflow in the clipboard implementation in Google Chrome before 35.0.1916.153 allows remote Buffer overflow in the clipboard implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unexpected bitmap data, related to content/renderer/renderer_clipboard_client.cc and content/renderer/webclipboard_impl.cc.

CVE-2014-3155 [MEDIUM] CVE-2014-3155: net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance.

CVE-2014-1745 [HIGH] CWE-399 CVE-2014-1745: Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35. Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp.

CVE-2014-1743 [HIGH] CWE-399 CVE-2014-1743: Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElem Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers tree mutation.

CVE-2014-1744 [HIGH] CWE-189 CVE-2014-1744: Integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_ Integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large shared-memory allocation.

CVE-2014-3152 [HIGH] CWE-189 CVE-2014-3152: Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Goo Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value.

CVE-2014-1749 [HIGH] CVE-2014-1749: Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.