7.5
CVSSv2

CVE-2014-1740

Published: 14/05/2014 Updated: 28/12/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple use-after-free vulnerabilities in net/websockets/websocket_job.cc in the WebSockets implementation in Google Chrome prior to 34.0.1847.137 allow remote malicious users to cause a denial of service or possibly have unspecified other impact via vectors related to WebSocketJob deletion.

Affected Products

Vendor Product Versions
GoogleChrome34.0.1847.0, 34.0.1847.1, 34.0.1847.2, 34.0.1847.3, 34.0.1847.4, 34.0.1847.5, 34.0.1847.6, 34.0.1847.7, 34.0.1847.8, 34.0.1847.9, 34.0.1847.10, 34.0.1847.12, 34.0.1847.14, 34.0.1847.15, 34.0.1847.23, 34.0.1847.24, 34.0.1847.25, 34.0.1847.36, 34.0.1847.37, 34.0.1847.38, 34.0.1847.39, 34.0.1847.41, 34.0.1847.42, 34.0.1847.43, 34.0.1847.44, 34.0.1847.45, 34.0.1847.46, 34.0.1847.47, 34.0.1847.48, 34.0.1847.49, 34.0.1847.50, 34.0.1847.51, 34.0.1847.52, 34.0.1847.53, 34.0.1847.54, 34.0.1847.55, 34.0.1847.56, 34.0.1847.57, 34.0.1847.58, 34.0.1847.59, 34.0.1847.60, 34.0.1847.61, 34.0.1847.62, 34.0.1847.63, 34.0.1847.64, 34.0.1847.65, 34.0.1847.66, 34.0.1847.67, 34.0.1847.68, 34.0.1847.69, 34.0.1847.71, 34.0.1847.72, 34.0.1847.73, 34.0.1847.74, 34.0.1847.75, 34.0.1847.76, 34.0.1847.77, 34.0.1847.78, 34.0.1847.79, 34.0.1847.80, 34.0.1847.81, 34.0.1847.82, 34.0.1847.83, 34.0.1847.85, 34.0.1847.86, 34.0.1847.87, 34.0.1847.91, 34.0.1847.92, 34.0.1847.94, 34.0.1847.97, 34.0.1847.98, 34.0.1847.99, 34.0.1847.100, 34.0.1847.101, 34.0.1847.102, 34.0.1847.103, 34.0.1847.104, 34.0.1847.109, 34.0.1847.111, 34.0.1847.112, 34.0.1847.113, 34.0.1847.114, 34.0.1847.115, 34.0.1847.116, 34.0.1847.118, 34.0.1847.120, 34.0.1847.130, 34.0.1847.131, 34.0.1847.132, 34.0.1847.133, 34.0.1847.134, 34.0.1847.135, 34.0.1847.136

Vendor Advisories

Several vulnerabilties have been discovered in the chromium web browser CVE-2014-1740 Collin Payne discovered a use-after-free issue in chromium's WebSockets implementation CVE-2014-1741 John Butler discovered multiple integer overflow issues in the Blink/Webkit document object model implementation CVE-2014-1742 cloudfuzzer ...
Several security issues were fixed in Oxide ...