Vulnerability Details : CVE-2014-7910
Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2014-7910
Probability of exploitation activity in the next 30 days: 0.68%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 78 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-7910
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2014-7910
-
https://code.google.com/p/chromium/issues/detail?id=425151
425151 - Heap-buffer-overflow in opj_tcd_init_decode_tile - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=422482
422482 - Use-of-uninitialized-value in AvatarMenuBubbleView::LinkClicked - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=425152
425152 - Heap-buffer-overflow in opj_stream_read_data - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=424215
424215 - Heap-buffer-overflow in WebRtcIsacfix_Decode - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=421504
421504 - Heap-use-after-free in blink::XMLHttpRequest::handleRequestError - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=397396
397396 - Investigate lifetime of the NativeWindow parent in ExtensionUninstallDialog - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=408426
408426 - Security: Page can run arbitrary code in the context of a UserGestureIndicator - chromium - Monorail
-
http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html
Chrome Releases: Stable Channel UpdateVendor Advisory
-
https://code.google.com/p/chromium/issues/detail?id=414134
414134 - Use-of-uninitialized-value in cricket::WebRtcVoiceMediaChannel::SetupSharedBweOnChannel - chromium - Monorail
-
https://www.exploit-db.com/exploits/34879/
OpenVPN 2.2.29 - 'Shellshock' Remote Command Injection - Linux remote Exploit
-
https://code.google.com/p/chromium/issues/detail?id=340387
340387 - Security: Unquoted path in mini_installer can lead to executing the wrong executable - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=424999
424999 - Use-of-uninitialized-value in aura::Window::GetNativeWindowProperty - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=423030
Inloggen - Google Accounts
-
https://code.google.com/p/chromium/issues/detail?id=415407
415407 - ASSERTION FAILED: curr->isRenderInline(), UNKNOWN in blink::RenderInline::splitInlines - chromium - Monorail
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/98798
Google Chrome multiple unspecified CVE-2014-7910 Vulnerability Report
-
https://code.google.com/p/chromium/issues/detail?id=417210
417210 - ThreadSanitizer v2 reports a heap-use-after-free in _get_bitmap_surface - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=409454
409454 - Fetch event shouldn't fire for preflight requests - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=411162
411162 - Use-of-uninitialized-value in webrtc::AudioDecoder::ConvertSpeechType - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=409508
409508 - Heap-use-after-free in blink::PODIntervalTree<int,blink::FloatingObject - chromium - Monorail
-
http://www.securitytracker.com/id/1031241
Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Obtain Information - SecurityTracker
-
https://code.google.com/p/chromium/issues/detail?id=433500
433500 - Tracking Bug for internal security fixes: Chrome M39, Release 0 - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=413744
413744 - Heap-use-after-free in JavaObjectWeakGlobalRef::Assign - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=411159
411159 - Use-of-uninitialized-value in content::MessageChannel::DrainEarlyMessageQueue - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=421720
421720 - Crash in RenderBlock::willBeDestroyed when removing from a map and destroying a continuation that has been already destroyed - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=389451
389451 - Security: SDCH dictionary URL check can be bypassed - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=411165
411165 - Use-of-uninitialized-value in std::__1::pair<std::__1::pair<WTF::StringImpl**, bool>, unsigned int> WTF:: - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=421981
421981 - Use-of-uninitialized-value in v8::internal::Factory::NewNumber - chromium - Monorail
-
http://rhn.redhat.com/errata/RHSA-2014-1894.html
RHSA-2014:1894 - Security Advisory - Red Hat Customer Portal
-
https://code.google.com/p/chromium/issues/detail?id=391001
391001 - Use-of-uninitialized-value in SkFlatDictionary<SkPaint, SkPaint::FlatteningTraits>::findAndReturnMutableF - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=417329
417329 - Security: code execution via bash environment variables - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=423891
423891 - Bad-cast to blink::PODRedBlackTree<blink::PODInterval<int, blink::FloatingObject *> >::Node from invalid vptr;PODIntervalTree.h:175:33 - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=421321
421321 - Security: Use-after-free in blink::PageAnimator::serviceScriptedAnimations - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=413743
413743 - Heap-use-after-free in void cc::PreCalculateMetaInformation<cc::LayerImpl> - chromium - Monorail
-
http://www.securityfocus.com/bid/71161
Google Chrome CVE-2014-7910 Multiple Security Vulnerabilities
-
https://code.google.com/p/chromium/issues/detail?id=337071
337071 - UNKNOWN in NetworkASync::QueueDeletion - chromium - Monorail
-
https://code.google.com/p/chromium/issues/detail?id=421090
421090 - Security: NaCl sandbox escape via DRAM "rowhammer" memory corruption - chromium - Monorail
Products affected by CVE-2014-7910
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*