core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar.
Max CVSS
5.0
EPSS Score
0.21%
Published
2014-10-10
Updated
2014-10-10
The Instance::HandleInputEvent function in pdf/instance.cc in the PDFium component in Google Chrome before 38.0.2125.101 interprets a certain -1 value as an index instead of a no-visible-page error code, which allows remote attackers to cause a denial of service (out-of-bounds read) via unspecified vectors.
Max CVSS
5.0
EPSS Score
1.25%
Published
2014-10-08
Updated
2016-11-28
2 vulnerabilities found