U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Keyword (text search): cpe:2.3:a:google:chrome:35.0.1916.5:*:*:*:*:*:*:*
There are 1,640 matching records.
Displaying matches 1,621 through 1,640.
Vuln ID Summary CVSS Severity
CVE-2014-3169

Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs before notification of node removal.

Published: August 26, 2014; 9:55:05 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-3168

Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation.

Published: August 26, 2014; 9:55:05 PM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-3167

Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: August 13, 2014; 12:57:12 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-3166

The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names.

Published: August 13, 2014; 12:57:12 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-3165

Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an unexpectedly long lifetime of a temporary object during method completion.

Published: August 13, 2014; 12:57:12 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-3161

The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream.

Published: July 20, 2014; 7:12:50 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-3159

The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors.

Published: July 20, 2014; 7:12:50 AM -0400
V3.x:(not available)
V2.0: 6.4 MEDIUM
CVE-2014-3157

Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging VideoFrame data structures that are too small for proper interaction with an underlying FFmpeg library.

Published: June 11, 2014; 6:57:18 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-3156

Buffer overflow in the clipboard implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unexpected bitmap data, related to content/renderer/renderer_clipboard_client.cc and content/renderer/webclipboard_impl.cc.

Published: June 11, 2014; 6:57:18 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-3155

net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance.

Published: June 11, 2014; 6:57:18 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-3154

Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a Blink shutdown.

Published: June 11, 2014; 6:57:18 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-3803

The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute.

Published: May 21, 2014; 7:14:10 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-3152

Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a negative key value.

Published: May 21, 2014; 7:14:09 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-1749

Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Published: May 21, 2014; 7:14:09 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-1748

The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame.

Published: May 21, 2014; 7:14:09 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-1747

Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Universal XSS (UXSS)."

Published: May 21, 2014; 7:14:09 AM -0400
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2014-1746

The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome before 35.0.1916.114 relies on an insufficiently large integer data type, which allows remote attackers to cause a denial of service (out-of-bounds read) via vectors that trigger use of a large buffer.

Published: May 21, 2014; 7:14:09 AM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2014-1745

Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp.

Published: May 21, 2014; 7:14:09 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-1744

Integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger a large shared-memory allocation.

Published: May 21, 2014; 7:14:09 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-1743

Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers tree mutation.

Published: May 21, 2014; 7:14:09 AM -0400
V3.x:(not available)
V2.0: 7.5 HIGH