rpm package
opensuse/chromium&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
Vulnerabilities (4,053)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2014-3167 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Aug 13, 2014 | Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| CVE-2014-3166 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Aug 13, 2014 | The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by lev | ||
| CVE-2014-3165 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Aug 13, 2014 | Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via ve | ||
| CVE-2014-3162 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jul 20, 2014 | Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| CVE-2014-3160 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jul 20, 2014 | The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a craf | ||
| CVE-2014-3157 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jun 11, 2014 | Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging VideoFrame dat | ||
| CVE-2014-3156 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jun 11, 2014 | Buffer overflow in the clipboard implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unexpected bitmap data, related to content/renderer/renderer_clipboard_cli | ||
| CVE-2014-3155 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jun 11, 2014 | net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance. | ||
| CVE-2014-3154 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | Jun 11, 2014 | Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a | ||
| CVE-2014-3152 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | May 21, 2014 | Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors | ||
| CVE-2014-1749 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | May 21, 2014 | Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. | ||
| CVE-2014-1748 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | May 21, 2014 | The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame. | ||
| CVE-2014-1747 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | May 21, 2014 | Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Un | ||
| CVE-2014-1746 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | May 21, 2014 | The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome before 35.0.1916.114 relies on an insufficiently large integer data type, which allows remote attackers to cause a denial of service (out-of-bounds read) via vectors that trigger us | ||
| CVE-2014-1745 | Hig | 7.1 | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | May 21, 2014 | Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related | |
| CVE-2014-1744 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | May 21, 2014 | Integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vec | ||
| CVE-2014-1743 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | May 21, 2014 | Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact | ||
| CVE-2014-1742 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | May 14, 2014 | Use-after-free vulnerability in the FrameSelection::updateAppearance function in core/editing/FrameSelection.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging i | ||
| CVE-2014-1741 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | May 14, 2014 | Multiple integer overflows in the replace-data functionality in the CharacterData interface implementation in core/dom/CharacterData.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allow remote attackers to cause a denial of service or possibly have unspecified other | ||
| CVE-2014-1740 | — | < 55.0.2883.75-3.1 | 55.0.2883.75-3.1 | May 14, 2014 | Multiple use-after-free vulnerabilities in net/websockets/websocket_job.cc in the WebSockets implementation in Google Chrome before 34.0.1847.137 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to WebSocketJob dele |
- CVE-2014-3167Aug 13, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.143 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2014-3166Aug 13, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by lev
- CVE-2014-3165Aug 13, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in modules/websockets/WorkerThreadableWebSocketChannel.cpp in the Web Sockets implementation in Blink, as used in Google Chrome before 36.0.1985.143, allows remote attackers to cause a denial of service or possibly have unspecified other impact via ve
- CVE-2014-3162Jul 20, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2014-3160Jul 20, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a craf
- CVE-2014-3157Jun 11, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Heap-based buffer overflow in the FFmpegVideoDecoder::GetVideoBuffer function in media/filters/ffmpeg_video_decoder.cc in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging VideoFrame dat
- CVE-2014-3156Jun 11, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Buffer overflow in the clipboard implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger unexpected bitmap data, related to content/renderer/renderer_clipboard_cli
- CVE-2014-3155Jun 11, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
net/spdy/spdy_write_queue.cc in the SPDY implementation in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service (out-of-bounds read) by leveraging incorrect queue maintenance.
- CVE-2014-3154Jun 11, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the ChildThread::Shutdown function in content/child/child_thread.cc in the filesystem API in Google Chrome before 35.0.1916.153 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to a
- CVE-2014-3152May 21, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors
- CVE-2014-1749May 21, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple unspecified vulnerabilities in Google Chrome before 35.0.1916.114 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
- CVE-2014-1748May 21, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame.
- CVE-2014-1747May 21, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Un
- CVE-2014-1746May 21, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome before 35.0.1916.114 relies on an insufficiently large integer data type, which allows remote attackers to cause a denial of service (out-of-bounds read) via vectors that trigger us
- affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related
- CVE-2014-1744May 21, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Integer overflow in the AudioInputRendererHost::OnCreateStream function in content/browser/renderer_host/media/audio_input_renderer_host.cc in Google Chrome before 35.0.1916.114 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vec
- CVE-2014-1743May 21, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact
- CVE-2014-1742May 14, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Use-after-free vulnerability in the FrameSelection::updateAppearance function in core/editing/FrameSelection.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging i
- CVE-2014-1741May 14, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple integer overflows in the replace-data functionality in the CharacterData interface implementation in core/dom/CharacterData.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allow remote attackers to cause a denial of service or possibly have unspecified other
- CVE-2014-1740May 14, 2014affected < 55.0.2883.75-3.1fixed 55.0.2883.75-3.1
Multiple use-after-free vulnerabilities in net/websockets/websocket_job.cc in the WebSockets implementation in Google Chrome before 34.0.1847.137 allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to WebSocketJob dele
Page 187 of 203