SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Google Chrome Vendors:   Google
Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Deny Service
SecurityTracker Alert ID:  1031623
SecurityTracker URL:  http://securitytracker.com/id/1031623
CVE Reference:   CVE-2014-7923, CVE-2014-7924, CVE-2014-7925, CVE-2014-7926, CVE-2014-7927, CVE-2014-7928, CVE-2014-7929, CVE-2014-7930, CVE-2014-7931, CVE-2014-7932, CVE-2014-7933, CVE-2014-7934, CVE-2014-7935, CVE-2014-7936, CVE-2014-7937, CVE-2014-7938, CVE-2014-7939, CVE-2014-7940, CVE-2014-7941, CVE-2014-7942, CVE-2014-7943, CVE-2014-7944, CVE-2014-7945, CVE-2014-7946, CVE-2014-7947, CVE-2014-7948, CVE-2015-1205, CVE-2015-1346   (Links to External Site)
Date:  Jan 23 2015
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 40.0.2214.91
Description:   Multiple vulnerabilities were reported in Google Chrome. A remote user can cause arbitrary code to be executed on the target user's system. A remote user can cause denial of service conditions.

A remote user can create specially crafted content that, when loaded by the target user, will execute arbitrary code or cause denial of service conditions on the target user's system.

A memory corruption flaw may occur in ICU [CVE-2014-7923].

A use-after-free memory error may occur in IndexedDB [CVE-2014-7924].

A use-after-free memory error may occur in WebAudio [CVE-2014-7925].

A memory corruption flaw may occur in ICU [CVE-2014-7926].

A memory corruption flaw may occur in the V8 engine [CVE-2014-7927].

A memory corruption flaw may occur in the V8 engine [CVE-2014-7928].

A use-after-free memory error may occur in DOM [CVE-2014-7930].

A memory corruption flaw may occur in the V8 engine [CVE-2014-7931].

A use-after-free memory error may occur in DOM [CVE-2014-7929].

A use-after-free memory error may occur in DOM [CVE-2014-7932].

A use-after-free memory error may occur in FFmpeg [CVE-2014-7933].

A use-after-free memory error may occur in DOM [CVE-2014-7934].

A use-after-free memory error may occur in Speech [CVE-2014-7935].

A use-after-free memory error may occur in Views [CVE-2014-7936].

A use-after-free memory error may occur in FFmpeg [CVE-2014-7937].

A memory corruption flaw may occur in Fonts [CVE-2014-7938].

A same-origin-bypass error may occur in the V8 engine [CVE-2014-7939].

A uninitialized-value error may occur in ICU [CVE-2014-7940].

A out-of-bounds read error may occur in UI [CVE-2014-7941].

A uninitialized-value error may occur in Fonts [CVE-2014-7942].

A out-of-bounds read error may occur in Skia [CVE-2014-7943].

A out-of-bounds read error may occur in PDFium [CVE-2014-7944].

A out-of-bounds read error may occur in PDFium [CVE-2014-7945].

A out-of-bounds read error may occur in Fonts [CVE-2014-7946].

A out-of-bounds read error may occur in PDFium [CVE-2014-7947].

A caching error may occur in AppCache [CVE-2014-7948].

A remote user can cause denial of service conditions [CVE-2015-1346].

Various other flaws exist [CVE-2015-1205].

yangdingning, Collin Payne, mark.buer [at] booktrack.com, Christian Holler, cloudfuzzer, Atte Kettunen of OUSPG, Aki Helin of OUSPG, Khalil Zhani, Christoph Diehl, Takeshi Terada, miaubiz, fuzztercluck, and jiayaoqijia reported these vulnerabilities.

Impact:   A remote user can create content that, when loaded by the target user, will execute arbitrary code on the target user's system.

A remote user can cause denial of service conditions.

Solution:   The vendor has issued a fix (40.0.2214.91).

The vendor's advisory is available at:

http://googlechromereleases.blogspot.com/2015/01/stable-update.html

Vendor URL:  googlechromereleases.blogspot.com/2015/01/stable-update.html (Links to External Site)
Cause:   Access control error, Boundary error
Underlying OS:  Linux (Any), UNIX (macOS/OS X), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 16 2015 (Apple Issues Fix for Apple iTunes) Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Deny Service
Apple has issued a fix for Apple iTunes for Windows.
Sep 17 2015 (Apple Issues Fix for Apple iOS) Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Deny Service
Apple has issued a fix for Apple iOS.



 Source Message Contents



[Original Message Not Available for Viewing]


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC