rpm package
opensuse/chromium&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
Vulnerabilities (4,053)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-7946 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | The RenderTable::simplifiedNormalFlowLayout function in core/rendering/RenderTable.cpp in Blink, as used in Google Chrome before 40.0.2214.91, skips captions during table layout in certain situations, which allows remote attackers to cause a denial of service (out-of-bounds read) | ||
| CVE-2014-7945 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, and t2.c. | ||
| CVE-2014-7944 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | The sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 40.0.2214.91, does not properly handle odd values of image width, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF documen | ||
| CVE-2014-7943 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors. | ||
| CVE-2014-7942 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| CVE-2014-7941 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via cra | ||
| CVE-2014-7940 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or | ||
| CVE-2014-7939 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff | ||
| CVE-2014-7938 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | The Fonts implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. | ||
| CVE-2014-7937 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data. | ||
| CVE-2014-7936 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | Use-after-free vulnerability in the ZoomBubbleView::Close function in browser/ui/views/location_bar/zoom_bubble_view.cc in the Views implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact | ||
| CVE-2014-7935 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | Use-after-free vulnerability in browser/speech/tts_message_filter.cc in the Speech implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving utterances from a closed tab | ||
| CVE-2014-7934 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of document data structures. | ||
| CVE-2014-7933 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska | ||
| CVE-2014-7932 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | Use-after-free vulnerability in the Element::detach function in core/dom/Element.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involv | ||
| CVE-2014-7930 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that | ||
| CVE-2014-7929 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecif | ||
| CVE-2014-7928 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, does not properly handle arrays with holes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers an a | ||
| CVE-2014-7927 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly choose an integer data type, which allows remote attackers to cause a denial of service (memory corruption) or possibly h | ||
| CVE-2014-7926 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vector |
- CVE-2014-7946Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The RenderTable::simplifiedNormalFlowLayout function in core/rendering/RenderTable.cpp in Blink, as used in Google Chrome before 40.0.2214.91, skips captions during table layout in certain situations, which allows remote attackers to cause a denial of service (out-of-bounds read)
- CVE-2014-7945Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
OpenJPEG before r2908, as used in PDFium in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF document, related to j2k.c, jp2.c, and t2.c.
- CVE-2014-7944Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The sycc422_to_rgb function in fxcodec/codec/fx_codec_jpx_opj.cpp in PDFium, as used in Google Chrome before 40.0.2214.91, does not properly handle odd values of image width, which allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted PDF documen
- CVE-2014-7943Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Skia, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
- CVE-2014-7942Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The Fonts implementation in Google Chrome before 40.0.2214.91 does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
- CVE-2014-7941Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The SelectionOwner::ProcessTarget function in ui/base/x/selection_owner.cc in the UI implementation in Google Chrome before 40.0.2214.91 uses an incorrect data type for a certain length value, which allows remote attackers to cause a denial of service (out-of-bounds read) via cra
- CVE-2014-7940Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The collator implementation in i18n/ucol.cpp in International Components for Unicode (ICU) 52 through SVN revision 293126, as used in Google Chrome before 40.0.2214.91, does not initialize memory for a data structure, which allows remote attackers to cause a denial of service or
- CVE-2014-7939Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google Chrome before 40.0.2214.91, when the Harmony proxy in Google V8 is enabled, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code with Proxy.create and console.log calls, related to HTTP responses that lack an "X-Content-Type-Options: nosniff
- CVE-2014-7938Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The Fonts implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.
- CVE-2014-7937Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple off-by-one errors in libavcodec/vorbisdec.c in FFmpeg before 2.4.2, as used in Google Chrome before 40.0.2214.91, allow remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted Vorbis I data.
- CVE-2014-7936Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the ZoomBubbleView::Close function in browser/ui/views/location_bar/zoom_bubble_view.cc in the Views implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact
- CVE-2014-7935Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in browser/speech/tts_message_filter.cc in the Speech implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving utterances from a closed tab
- CVE-2014-7934Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to unexpected absence of document data structures.
- CVE-2014-7933Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the matroska_read_seek function in libavformat/matroskadec.c in FFmpeg before 2.5.1, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted Matroska
- CVE-2014-7932Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the Element::detach function in core/dom/Element.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involv
- CVE-2014-7930Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in core/events/TreeScopeEventContext.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that
- CVE-2014-7929Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecif
- CVE-2014-7928Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
hydrogen.cc in Google V8, as used Google Chrome before 40.0.2214.91, does not properly handle arrays with holes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers an a
- CVE-2014-7927Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome before 40.0.2214.91, does not properly choose an integer data type, which allows remote attackers to cause a denial of service (memory corruption) or possibly h
- CVE-2014-7926Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vector
Page 184 of 203