Original
release date: April 14, 2014
The US-CERT Cyber Security Bulletin provides a summary of
new vulnerabilities that have been recorded by the National
Institute of Standards and Technology (NIST) National
Vulnerability Database (NVD) in the past week. The NVD is sponsored by the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center
(NCCIC) / United States Computer Emergency Readiness Team
(US-CERT). For modified or updated entries, please visit the NVD, which contains historical
vulnerability information.
google
-- chrome
|
Cross-site
scripting (XSS) vulnerability in the Runtime_SetPrototype function in
runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows
remote attackers to inject arbitrary web script or HTML via unspecified
vectors, aka "Universal XSS (UXSS)."
|
google
-- chrome
|
Google
V8, as used in Google Chrome before 34.0.1847.116, does not properly use
numeric casts during handling of typed arrays, which allows remote attackers
to cause a denial of service (out-of-bounds array access) or possibly have
unspecified other impact via crafted JavaScript code.
|
google
-- chrome
|
Integer
overflow in the SoftwareFrameManager::SwapToNewFrame function in
content/browser/renderer_host/software_frame_manager.cc in the software
compositor in Google Chrome before 34.0.1847.116 allows remote attackers to
cause a denial of service or possibly have unspecified other impact via
vectors that trigger an attempted mapping of a large amount of renderer
memory.
|
google
-- chrome
|
Use-after-free
vulnerability in the WebSharedWorkerStub::OnTerminateWorkerContext function
in content/worker/websharedworker_stub.cc in the Web Workers implementation in
Google Chrome before 34.0.1847.116 allows remote attackers to cause a denial
of service (heap memory corruption) or possibly have unspecified other impact
via vectors that trigger a SharedWorker termination during script loading.
|
google
-- chrome
|
Use-after-free
vulnerability in the HTMLBodyElement::insertedInto function in
core/html/HTMLBodyElement.cpp in Blink, as used in Google Chrome before
34.0.1847.116, allows remote attackers to cause a denial of service or
possibly have unspecified other impact via vectors involving attributes.
|
google
-- chrome
|
Google
V8, as used in Google Chrome before 34.0.1847.116, does not properly
implement lazy deoptimization, which allows remote attackers to cause a
denial of service (memory corruption) or possibly have unspecified other
impact via crafted JavaScript code, as demonstrated by improper handling of a
heap allocation of a number outside the Small Integer (aka smi) range.
|
google
-- chrome
|
Use-after-free
vulnerability in the RenderBlock::addChildIgnoringAnonymousColumnBlocks
function in core/rendering/RenderBlock.cpp in Blink, as used in Google Chrome
before 34.0.1847.116, allows remote attackers to cause a denial of service or
possibly have unspecified other impact via vectors involving addition of a
child node.
|
google
-- chrome
|
The
UnescapeURLWithOffsetsImpl function in net/base/escape.cc in Google Chrome
before 34.0.1847.116 does not properly handle bidirectional Internationalized
Resource Identifiers (IRIs), which makes it easier for remote attackers to
spoof URLs via crafted use of right-to-left (RTL) Unicode text.
|
google
-- chrome
|
Use-after-free
vulnerability in Free(b)soft Laboratory Speech Dispatcher 0.7.1, as used in
Google Chrome before 34.0.1847.116, allows remote attackers to cause a denial
of service (application hang) or possibly have unspecified other impact via a
text-to-speech request.
|
google
-- chrome
|
Use-after-free
vulnerability in content/renderer/renderer_webcolorchooser_impl.h in Google
Chrome before 34.0.1847.116 allows remote attackers to cause a denial of
service or possibly have unspecified other impact via vectors related to
forms.
|
google
-- chrome
|
Multiple
unspecified vulnerabilities in Google Chrome before 34.0.1847.116 allow
attackers to cause a denial of service or possibly have other impact via
unknown vectors.
|
google
-- chrome
|
Multiple
unspecified vulnerabilities in Google V8 before 3.24.35.22, as used in Google
Chrome before 34.0.1847.116, allow attackers to cause a denial of service or
possibly have other impact via unknown vectors.
|
In addition to this blog, I have authored the premiere book on Netiquette, " Netiquette IQ - A Comprehensive Guide to Improve, Enhance and Add Power to Your Email". You can view my profile, reviews of the book and content excerpts at:
www.amazon.com/author/paulbabicki
If you would like to listen to experts in all aspects of Netiquette and communication, try my radio show on BlogtalkRadio and an online newsletter via paper.li.I have established Netiquette discussion groups with Linkedin and Yahoo. I am also a member of the International Business Etiquette and Protocol Group and Minding Manners among others. I regularly consult for the Gerson Lehrman Group, a worldwide network of subject matter experts and I have been contributing to the blogs Everything Email and emailmonday . My work has appeared in numerous publications and I have presented to groups such as The Breakfast Club of NJ Rider University and PSG of Mercer County, NJ.
=============================================
No comments:
Post a Comment