SB2014051414 - Multiple vulnerabilities in Techland Chrome 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2014051414

SB2014051414 - Multiple vulnerabilities in Techland Chrome

Published: May 14, 2014 Updated: August 10, 2020

Security Bulletin ID SB2014051414
Severity
Medium
Patch available
YES
Number of vulnerabilities 3
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 3 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2014-1741)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple integer overflows in the replace-data functionality in the CharacterData interface implementation in core/dom/CharacterData.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to ranges.


2) Resource management error (CVE-ID: CVE-2014-1742)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Use-after-free vulnerability in the FrameSelection::updateAppearance function in core/editing/FrameSelection.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper RenderObject handling.


3) Resource management error (CVE-ID: CVE-2014-1740)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Multiple use-after-free vulnerabilities in net/websockets/websocket_job.cc in the WebSockets implementation in Google Chrome before 34.0.1847.137 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to WebSocketJob deletion.


Remediation

Install update from vendor's website.

References