Vulnerabilities > CVE-2014-7910 - Unspecified vulnerability in Google Chrome

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
google
nessus
exploit available

Summary

Multiple unspecified vulnerabilities in Google Chrome before 39.0.2171.65 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Vulnerable Configurations

Part Description Count
Application
Google
3724

Exploit-Db

  • descriptionQNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,...
    idEDB-ID:36504
    last seen2016-02-04
    modified2015-03-26
    published2015-03-26
    reporterPatrick Pellegrino
    sourcehttps://www.exploit-db.com/download/36504/
    titleQNAP - Web Server Remote Code Execution via Bash Environment Variable Code Injection
  • descriptionIPFire Cgi Web Interface Authenticated Bash Environment Variable Code Injection Exploit. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-71...
    idEDB-ID:34839
    last seen2016-02-04
    modified2014-10-01
    published2014-10-01
    reporterClaudio Viviani
    sourcehttps://www.exploit-db.com/download/34839/
    titleIPFire Cgi Web Interface Authenticated Bash Environment Variable Code Injection Exploit
  • descriptionKemp Load Master 7.1.16 - Multiple Vulnerabilities. CVE-2014-3659,CVE-2014-3671,CVE-2014-5287,CVE-2014-5288,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-20...
    idEDB-ID:36609
    last seen2016-02-04
    modified2015-04-02
    published2015-04-02
    reporterRoberto Suggi Liverani
    sourcehttps://www.exploit-db.com/download/36609/
    titleKemp Load Master 7.1.16 - Multiple Vulnerabilities
  • descriptionGNU bash Environment Variable Command Injection (MSF). CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE...
    idEDB-ID:34777
    last seen2016-02-03
    modified2014-09-25
    published2014-09-25
    reporterShaun Colley
    sourcehttps://www.exploit-db.com/download/34777/
    titleGNU bash Environment Variable Command Injection MSF
  • descriptionPure-FTPd External Authentication Bash Environment Variable Code Injection. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7...
    idEDB-ID:34862
    last seen2016-02-04
    modified2014-10-02
    published2014-10-02
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/34862/
    titlePure-FTPd External Authentication Bash Environment Variable Code Injection
  • descriptionPHP 5.x Shellshock Exploit (bypass disable_functions). CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE...
    idEDB-ID:35146
    last seen2016-02-04
    modified2014-11-03
    published2014-11-03
    reporterRyan King (Starfall)
    sourcehttps://www.exploit-db.com/download/35146/
    titlePHP 5.x Shellshock Exploit bypass disable_functions
  • descriptionBash - CGI RCE (MSF) Shellshock Exploit. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE-2014-7910. We...
    idEDB-ID:34895
    last seen2016-02-04
    modified2014-10-06
    published2014-10-06
    reporterFady Mohammed Osman
    sourcehttps://www.exploit-db.com/download/34895/
    titleBash - CGI RCE MSF Shellshock Exploit
  • descriptionPostfix SMTP - Shellshock Exploit. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE-2014-7910. Remote e...
    idEDB-ID:34896
    last seen2016-02-04
    modified2014-10-06
    published2014-10-06
    reporterPhil Blank
    sourcehttps://www.exploit-db.com/download/34896/
    titlePostfix SMTP - Shellshock Exploit
  • descriptionQNAP - Admin Shell via Bash Environment Variable Code Injection. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-201...
    idEDB-ID:36503
    last seen2016-02-04
    modified2015-03-26
    published2015-03-26
    reporterPatrick Pellegrino
    sourcehttps://www.exploit-db.com/download/36503/
    titleQNAP - Admin Shell via Bash Environment Variable Code Injection
  • descriptionGNU bash Environment Variable Command Injection. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE-2014-...
    idEDB-ID:34765
    last seen2016-02-03
    modified2014-09-25
    published2014-09-25
    reporterStephane Chazelas
    sourcehttps://www.exploit-db.com/download/34765/
    titleGNU Bash - Environment Variable Command Injection ShellShock
  • descriptionOpenVPN 2.2.29 - ShellShock Exploit. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE-2014-7910. Remote...
    fileexploits/linux/remote/34879.txt
    idEDB-ID:34879
    last seen2016-02-04
    modified2014-10-04
    platformlinux
    port
    published2014-10-04
    reporterhobbily plunt
    sourcehttps://www.exploit-db.com/download/34879/
    titleOpenVPN 2.2.29 - ShellShock Exploit
    typeremote
  • descriptionBash - Environment Variables Code Injection Exploit (ShellShock). CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-20...
    idEDB-ID:34766
    last seen2016-02-03
    modified2014-09-25
    published2014-09-25
    reporterPrakhar Prasad & Subho Halder
    sourcehttps://www.exploit-db.com/download/34766/
    titleBash - Environment Variables Code Injection Exploit ShellShock
  • descriptionCUPS Filter Bash Environment Variable Code Injection. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-62771,CVE-2014-7169,CVE-2014-7196,CVE-2014-7227,CVE-...
    idEDB-ID:35115
    last seen2016-02-04
    modified2014-10-29
    published2014-10-29
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/35115/
    titleCUPS Filter Bash Environment Variable Code Injection
  • descriptionGNU bash 4.3.11 Environment Variable dhclient Exploit. CVE-2014-3659,CVE-2014-3671,CVE-2014-6271,CVE-2014-6277,CVE-2014-62771,CVE-2014-6278,CVE-2014-7169,CVE...
    idEDB-ID:34860
    last seen2016-02-04
    modified2014-10-02
    published2014-10-02
    reporter@0x00string
    sourcehttps://www.exploit-db.com/download/34860/
    titleGNU bash 4.3.11 Environment Variable dhclient Exploit

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_D395E44F6F4F11E4A44400262D5ED8EE.NASL
    descriptionGoogle Chrome Releases reports : 42 security fixes in this release, including : - [389734] High CVE-2014-7899: Address bar spoofing. Credit to Eli Grey. - [406868] High CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen from OUSPG. - [413375] High CVE-2014-7901: Integer overflow in pdfium. Credit to cloudfuzzer. - [414504] High CVE-2014-7902: Use-after-free in pdfium. Credit to cloudfuzzer. - [414525] High CVE-2014-7903: Buffer overflow in pdfium. Credit to cloudfuzzer. - [418161] High CVE-2014-7904: Buffer overflow in Skia. Credit to Atte Kettunen from OUSPG. - [421817] High CVE-2014-7905: Flaw allowing navigation to intents that do not have the BROWSABLE category. Credit to WangTao(neobyte) of Baidu X-Team. - [423030] High CVE-2014-7906: Use-after-free in pepper plugins. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team. - [423703] High CVE-2014-0574: Double-free in Flash. Credit to biloulehibou. - [424453] High CVE-2014-7907: Use-after-free in blink. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team. - [425980] High CVE-2014-7908: Integer overflow in media. Credit to Christoph Diehl. - [391001] Medium CVE-2014-7909: Uninitialized memory read in Skia. Credit to miaubiz. - CVE-2014-7910: Various fixes from internal audits, fuzzing and other initiatives.
    last seen2020-06-01
    modified2020-06-02
    plugin id79320
    published2014-11-19
    reporterThis script is Copyright (C) 2014-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79320
    titleFreeBSD : chromium -- multiple vulnerabilities (d395e44f-6f4f-11e4-a444-00262d5ed8ee)
  • NASL familyMacOS X Local Security Checks
    NASL idMACOSX_GOOGLE_CHROME_39_0_2171_65.NASL
    descriptionThe version of Google Chrome installed on the remote Mac OS X host is a version prior to 39.0.2171.65. It is, therefore, affected by the following vulnerabilities : - A double-free vulnerability exists in the version of Adobe Flash bundled with Chrome which could result in arbitrary code execution. (CVE-2014-0574) - An unspecified address bar spoofing vulnerability exists which could be used to aid in phishing attacks. (CVE-2014-7899) - Multiple use-after-free vulnerabilities exist in pdfium which could result in arbitrary code execution. (CVE-2014-7900, CVE-2014-7902) - Integer overflow vulnerabilities exist in pdfium and the media component which could result in arbitrary code execution. (CVE-2014-7901, CVE-2014-7908) - Buffer overflow vulnerabilities exist in pdfium and Skia which could result in arbitrary code execution. (CVE-2014-7903, CVE-2014-7904) - Use-after-free vulnerabilities exist in Pepper plugins and Blink which could result in arbitrary code execution. (CVE-2014-7906, CVE-2014-7907) - An unspecified uninitialized memory read exists. (CVE-2014-7909) - Multiple unspecified vulnerabilities exist. (CVE-2014-7910)
    last seen2020-06-01
    modified2020-06-02
    plugin id79337
    published2014-11-19
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79337
    titleGoogle Chrome < 39.0.2171.65 Multiple Vulnerabilities (Mac OS X)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-2410-1.NASL
    descriptionA buffer overflow was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacked could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7904) Multiple use-after-frees were discovered in Blink. If a user were tricked in to opening a specially crafted website, an attacked could potentially exploit these to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7907) An integer overflow was discovered in media. If a user were tricked in to opening a specially crafted website, an attacked could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. (CVE-2014-7908) An uninitialized memory read was discovered in Skia. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash. (CVE-2014-7909) Multiple security issues were discovered in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to read uninitialized memory, cause a denial of service via application crash or execute arbitrary code with the privileges of the user invoking the program. (CVE-2014-7910). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id79354
    published2014-11-20
    reporterUbuntu Security Notice (C) 2014-2019 Canonical, Inc. / NASL script (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79354
    titleUbuntu 14.04 LTS / 14.10 : oxide-qt vulnerabilities (USN-2410-1)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2014-1894.NASL
    descriptionUpdated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Chromium is an open source web browser, powered by WebKit (Blink). Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. (CVE-2014-7904, CVE-2014-7906, CVE-2014-7907, CVE-2014-7910, CVE-2014-7908, CVE-2014-7909) A flaw was found in the way Chromium parsed certain URL values. A malicious attacker could use this flaw to perform phishing attacks. (CVE-2014-7899) All Chromium users should upgrade to these updated packages, which contain Chromium version 39.0.2171.65, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
    last seen2020-05-31
    modified2014-11-25
    plugin id79426
    published2014-11-25
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79426
    titleRHEL 6 : chromium-browser (RHSA-2014:1894)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201412-13.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201412-13 (Chromium: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact : A remote attacker may be able to execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id79966
    published2014-12-15
    reporterThis script is Copyright (C) 2014-2015 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/79966
    titleGLSA-201412-13 : Chromium: Multiple vulnerabilities
  • NASL familyWindows
    NASL idGOOGLE_CHROME_39_0_2171_65.NASL
    descriptionThe version of Google Chrome installed on the remote Windows host is a version prior to 39.0.2171.65. It is, therefore, affected by the following vulnerabilities : - A double-free vulnerability exists in the version of Adobe Flash bundled with Chrome which could result in arbitrary code execution. (CVE-2014-0574) - An unspecified address bar spoofing vulnerability exists which could be used to aid in phishing attacks. (CVE-2014-7899) - Multiple use-after-free vulnerabilities exist in pdfium which could result in arbitrary code execution. (CVE-2014-7900, CVE-2014-7902) - Integer overflow vulnerabilities exist in pdfium and the media component which could result in arbitrary code execution. (CVE-2014-7901, CVE-2014-7908) - Buffer overflow vulnerabilities exist in pdfium and Skia which could result in arbitrary code execution. (CVE-2014-7903, CVE-2014-7904) - Use-after-free vulnerabilities exist in Pepper plugins and Blink which could result in arbitrary code execution. (CVE-2014-7906, CVE-2014-7907) - An unspecified uninitialized memory read exists. (CVE-2014-7909) - Multiple unspecified vulnerabilities exist. (CVE-2014-7910)
    last seen2020-06-01
    modified2020-06-02
    plugin id79336
    published2014-11-19
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79336
    titleGoogle Chrome < 39.0.2171.65 Multiple Vulnerabilities
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2014-764.NASL
    descriptionchromium was updated to version 39.0.2171.65 to fix 13 security issues. These security issues were fixed : - Use-after-free in pepper plugins (CVE-2014-7906). - Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chromebefore 39.0.2171.65, al... (CVE-2014-7903). - Uninitialized memory read in Skia (CVE-2014-7909). - Unspecified security issues (CVE-2014-7910). - Integer overflow in media (CVE-2014-7908). - Integer overflow in the opj_t2_read_packet_data function infxcodec/fx_libopenjpeg/libopenjpeg20/t2.... (CVE-2014-7901). - Use-after-free in blink (CVE-2014-7907). - Address bar spoofing (CVE-2014-7899). - Buffer overflow in Skia (CVE-2014-7904). - Use-after-free vulnerability in the CPDF_Parser (CVE-2014-7900). - Use-after-free vulnerability in PDFium allows DoS (CVE-2014-7902). - Flaw allowing navigation to intents that do not have the BROWSABLE category (CVE-2014-7905). - Double-free in Flash (CVE-2014-0574).
    last seen2020-06-05
    modified2014-12-15
    plugin id79997
    published2014-12-15
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/79997
    titleopenSUSE Security Update : chromium (openSUSE-SU-2014:1626-1)

Redhat

advisories
rhsa
idRHSA-2014:1894
rpms
  • chromium-browser-0:39.0.2171.65-2.el6_6
  • chromium-browser-debuginfo-0:39.0.2171.65-2.el6_6

References