rpm package
opensuse/chromium&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
Vulnerabilities (4,053)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-7925 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an audio-rendering thread in which AudioNode | ||
| CVE-2014-7924 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering duplicate BLOB references, related to content/browser/indexed_db/indexed_ | ||
| CVE-2014-7923 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jan 22, 2015 | The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vector | ||
| CVE-2014-7910 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Nov 19, 2014 | Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| CVE-2014-7909 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Nov 19, 2014 | effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data. | ||
| CVE-2014-7908 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Nov 19, 2014 | Multiple integer overflows in the CheckMov function in media/base/container_names.cc in Google Chrome before 39.0.2171.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a large atom in (1) MPEG-4 or (2) QuickTime .mov data. | ||
| CVE-2014-7907 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Nov 19, 2014 | Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger imp | ||
| CVE-2014-7906 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Nov 19, 2014 | Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of t | ||
| CVE-2014-7905 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Nov 19, 2014 | Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended access restrictions via a crafted web site. | ||
| CVE-2014-7904 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Nov 19, 2014 | Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors. | ||
| CVE-2014-7903 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Nov 19, 2014 | Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG image. | ||
| CVE-2014-7902 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Nov 19, 2014 | Use-after-free vulnerability in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document. | ||
| CVE-2014-7901 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Nov 19, 2014 | Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long seg | ||
| CVE-2014-7900 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Nov 19, 2014 | Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a c | ||
| CVE-2014-7899 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Nov 19, 2014 | Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string. | ||
| CVE-2014-0574 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Nov 11, 2014 | Double free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attacker | ||
| CVE-2014-3200 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Oct 8, 2014 | Multiple unspecified vulnerabilities in Google Chrome before 38.0.2125.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| CVE-2014-3199 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Oct 8, 2014 | The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 38.0.2125.101, has an erroneous fallback outcome for wrapper-selection failures, which allows remote attackers to cause a denial of service via vectors that | ||
| CVE-2014-3198 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Oct 8, 2014 | The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to cause a denial of service (out-of-bounds re | ||
| CVE-2014-3197 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Oct 8, 2014 | The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive in |
- CVE-2014-7925Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the WebAudio implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger an audio-rendering thread in which AudioNode
- CVE-2014-7924Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering duplicate BLOB references, related to content/browser/indexed_db/indexed_
- CVE-2014-7923Jan 22, 2015affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vector
- CVE-2014-7910Nov 19, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2014-7909Nov 19, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
effects/SkDashPathEffect.cpp in Skia, as used in Google Chrome before 39.0.2171.65, computes a hash key using uninitialized integer values, which might allow remote attackers to cause a denial of service by rendering crafted data.
- CVE-2014-7908Nov 19, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple integer overflows in the CheckMov function in media/base/container_names.cc in Google Chrome before 39.0.2171.65 allow remote attackers to cause a denial of service or possibly have unspecified other impact via a large atom in (1) MPEG-4 or (2) QuickTime .mov data.
- CVE-2014-7907Nov 19, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger imp
- CVE-2014-7906Nov 19, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the Pepper plugins in Google Chrome before 39.0.2171.65 allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted Flash content that triggers an attempted PepperMediaDeviceManager access outside of t
- CVE-2014-7905Nov 19, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended access restrictions via a crafted web site.
- CVE-2014-7904Nov 19, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Buffer overflow in Skia, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.
- CVE-2014-7903Nov 19, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted JPEG image.
- CVE-2014-7902Nov 19, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted PDF document.
- CVE-2014-7901Nov 19, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2.c in OpenJPEG in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a long seg
- CVE-2014-7900Nov 19, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the CPDF_Parser::IsLinearizedFile function in fpdfapi/fpdf_parser/fpdf_parser_parser.cpp in PDFium, as used in Google Chrome before 39.0.2171.65, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a c
- CVE-2014-7899Nov 19, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string.
- CVE-2014-0574Nov 11, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Double free vulnerability in Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe AIR SDK & Compiler before 15.0.0.356 allows attacker
- CVE-2014-3200Oct 8, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple unspecified vulnerabilities in Google Chrome before 38.0.2125.101 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2014-3199Oct 8, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The wrap function in bindings/core/v8/custom/V8EventCustom.cpp in the V8 bindings in Blink, as used in Google Chrome before 38.0.2125.101, has an erroneous fallback outcome for wrapper-selection failures, which allows remote attackers to cause a denial of service via vectors that
- CVE-2014-3198Oct 8, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to cause a denial of service (out-of-bounds re
- CVE-2014-3197Oct 8, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive in
Page 185 of 203