7.5
CVSSv2

CVE-2014-7928

Published: 22/01/2015 Updated: 03/01/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

hydrogen.cc in Google V8, as used Google Chrome prior to 40.0.2214.91, does not properly handle arrays with holes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers an array copy.

Affected Products

Vendor Product Versions
GoogleChrome40.0.2214.85

Vendor Advisories

hydrogencc in Google V8, as used Google Chrome before 400221491, does not properly handle arrays with holes, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code that triggers an array copy ...
Synopsis Important: chromium-browser security update Type/Severity Security Advisory: Important Topic Updated chromium-browser packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 6 SupplementaryRed Hat Product Security has rated this update as having Important securityi ...
Several security issues were fixed in Oxide ...

Github Repositories

Case Study of JavaScript Engine Vulnerabilities V8 CVE Number Feature Keywords Credit CVE-2013-6632 TypedArray Integer Overflow, OOB Pinkie Pie CVE-2014-1705 TypedArray Invalid Array Length, OOB geohot CVE-2014-3176 Arrayconcat Side Effect, OOB lokihardt CVE-2014-7927 Optimization asmjs, OOB Christian Holler CVE-2014-7928 Optimization Array Christian Holler C

Awesome CVE PoC A curated list of CVE PoCs Here is a collection about Proof of Concepts of Common Vulnerabilities and Exposures, and you may also want to check out awesome-web-security Please read the contribution guidelines before contributing This repo is full of PoCs for CVEs If you enjoy this awesome list and would like to support it, check out my Patreon page :

Recent Articles

Chrome 40 Patches 62 Security Vulnerabilities, Pays Bounties Aplenty
Threatpost • Michael Mimoso • 22 Jan 2015

Google pushed out on Wednesday a new version of its Chrome browser (40.0.2214.91) and along with it paid out more than two dozen bounties, including 16 for memory corruption vulnerabilities.
In all, 62 security vulnerabilities were patched, 17 of those considered high severity bugs by Google.
Most of those high-severity vulnerabilities were memory corruption or use-after-free vulnerabilities in a number of Chrome components, including ICU, V8, FFmpeg and DOM.
A researcher credi...