GCVE - cpe:2.3:a:google:chrome:37.0.2062.3:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:google:chrome:37.0.2062.3:*:*:*:*:*:*:*

part: a version: 37.0.2062.3 update: *

Vendor	Google (`f181d1eb-7269-5bae-b76e-e66ceb214562`)
Product	Chrome (`7761a6b4-a4d4-5c42-a32a-f1a892237802`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2014-3187`	vulnerable	2026-06-03 14:33:53.698619	Details available Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site. Published: 2014-10-08T10:00:00.000Z Updated: 2024-08-06T10:35:57.015Z Open on db.gcve.eu Reference links https://code.google.com/p/chromium/issues/detail?id=413831 https://medium.com/section-9-lab/abusing-ios-url-handlers-on-messages-96979e8b12f5 http://googlechromereleases.blogspot.com/2014/10/chrome-for-ios-update.html http://twitter.com/S9Labs/statuses/519576582742999043	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3179`	vulnerable	2026-06-03 14:33:53.683112	Details available Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.120 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. Published: 2014-09-10T10:00:00.000Z Updated: 2024-08-06T10:35:57.047Z Open on db.gcve.eu Reference links https://code.google.com/p/chromium/issues/detail?id=402255 http://security.gentoo.org/glsa/glsa-201409-06.xml https://crbug.com/411014 http://www.securityfocus.com/bid/69710 https://code.google.com/p/chromium/issues/detail?id=396447	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3178`	vulnerable	2026-06-03 14:33:53.610634	Details available Use-after-free vulnerability in core/dom/Node.cpp in Blink, as used in Google Chrome before 37.0.2062.120, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of render-tree inconsistencies. Published: 2014-09-10T10:00:00.000Z Updated: 2024-08-06T10:35:57.048Z Open on db.gcve.eu Reference links http://security.gentoo.org/glsa/glsa-201409-06.xml https://crbug.com/401362 https://exchange.xforce.ibmcloud.com/vulnerabilities/95815 https://src.chromium.org/viewvc/blink?revision=180539&view=revision http://googlechromereleases.blogspot.com/2014/09/stable-channel-update_9.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3177`	vulnerable	2026-06-03 14:33:53.608553	Details available Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3176. Published: 2014-08-27T01:00:00.000Z Updated: 2024-08-06T10:35:57.022Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/95477 https://crbug.com/386988 http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://secunia.com/advisories/61482 http://security.gentoo.org/glsa/glsa-201408-16.xml	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3176`	vulnerable	2026-06-03 14:33:53.606472	Details available Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177. Published: 2014-08-27T01:00:00.000Z Updated: 2024-08-06T10:35:56.918Z Open on db.gcve.eu Reference links https://crbug.com/386988 http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://secunia.com/advisories/61482 http://security.gentoo.org/glsa/glsa-201408-16.xml http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3175`	vulnerable	2026-06-03 14:33:53.604376	Details available Multiple unspecified vulnerabilities in Google Chrome before 37.0.2062.94 allow attackers to cause a denial of service or possibly have other impact via unknown vectors, related to the load_truetype_glyph function in truetype/ttgload.c in FreeType and other functions in other components. Published: 2014-08-27T01:00:00.000Z Updated: 2024-08-06T10:35:57.043Z Open on db.gcve.eu Reference links https://code.google.com/p/chromium/issues/detail?id=389216 https://code.google.com/p/chromium/issues/detail?id=389280 https://code.google.com/p/chromium/issues/detail?id=382242 https://code.google.com/p/chromium/issues/detail?id=393938 https://code.google.com/p/chromium/issues/detail?id=357452	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3174`	vulnerable	2026-06-03 14:33:53.601679	Details available modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service (read of uninitialized memory) via crafted API calls. Published: 2014-08-27T01:00:00.000Z Updated: 2024-08-06T10:35:56.634Z Open on db.gcve.eu Reference links https://src.chromium.org/viewvc/blink?revision=177250&view=revision http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://secunia.com/advisories/60424 http://secunia.com/advisories/61482 http://security.gentoo.org/glsa/glsa-201408-16.xml	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3173`	vulnerable	2026-06-03 14:33:53.599312	Details available The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted CANVAS element, related to gpu/command_buffer/service/framebuffer_manager.cc and gpu/command_buffer/service/gles2_cmd_decoder.cc. Published: 2014-08-27T01:00:00.000Z Updated: 2024-08-06T10:35:56.775Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/69403 https://src.chromium.org/viewvc/chrome?revision=275338&view=revision https://exchange.xforce.ibmcloud.com/vulnerabilities/95473 http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://secunia.com/advisories/60424	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3172`	vulnerable	2026-06-03 14:33:53.597241	Details available The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL. Published: 2014-08-27T01:00:00.000Z Updated: 2024-08-06T10:35:56.715Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/69401 http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html https://src.chromium.org/viewvc/chrome?revision=280354&view=revision http://secunia.com/advisories/61482 http://security.gentoo.org/glsa/glsa-201408-16.xml	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3171`	vulnerable	2026-06-03 14:33:53.595159	Details available Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations instead of HashMap set operations, related to bindings/core/v8/DOMWrapperMap.h and bindings/core/v8/SerializedScriptValue.cpp. Published: 2014-08-27T01:00:00.000Z Updated: 2024-08-06T10:35:56.707Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/95471 http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://www.securityfocus.com/bid/69406 http://secunia.com/advisories/60424 http://secunia.com/advisories/61482	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3170`	vulnerable	2026-06-03 14:33:53.593025	Details available extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character. Published: 2014-08-27T01:00:00.000Z Updated: 2024-08-06T10:35:56.627Z Open on db.gcve.eu Reference links http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://secunia.com/advisories/61482 http://security.gentoo.org/glsa/glsa-201408-16.xml http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html http://secunia.com/advisories/60268	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3169`	vulnerable	2026-06-03 14:33:53.590874	Details available Use-after-free vulnerability in core/dom/ContainerNode.cpp in the DOM implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging script execution that occurs before notification of node removal. Published: 2014-08-27T01:00:00.000Z Updated: 2024-08-06T10:35:56.624Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/69405 http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://secunia.com/advisories/60424 http://secunia.com/advisories/61482 http://security.gentoo.org/glsa/glsa-201408-16.xml	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-3168`	vulnerable	2026-06-03 14:33:53.552405	Details available Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation. Published: 2014-08-27T01:00:00.000Z Updated: 2024-08-06T10:35:56.773Z Open on db.gcve.eu Reference links https://src.chromium.org/viewvc/blink?revision=174923&view=revision http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html http://secunia.com/advisories/60424 https://src.chromium.org/viewvc/blink?revision=174338&view=revision https://exchange.xforce.ibmcloud.com/vulnerabilities/95468	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2014-1568`	vulnerable	2026-06-03 14:33:47.846832	Details available Mozilla Network Security Services (NSS) before 3.16.2.1, 3.16.x before 3.16.5, and 3.17.x before 3.17.1, as used in Mozilla Firefox before 32.0.3, Mozilla Firefox ESR 24.x before 24.8.1 and 31.x before 31.1.1, Mozilla Thunderbird before 24.8.1 and 31.x before 31.1.2, Mozilla SeaMonkey before 2.29.1, Google Chrome before 37.0.2062.124 on Windows and OS X, and Google Chrome OS before 37.0.2062.120, does not properly parse ASN.1 values in X.509 certificates, which makes it easier for remote attackers to spoof RSA signatures via a crafted certificate, aka a "signature malleability" issue. Published: 2014-09-25T17:00:00.000Z Updated: 2024-08-06T09:42:36.192Z Open on db.gcve.eu Reference links http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.kb.cert.org/vuls/id/772676 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698 http://rhn.redhat.com/errata/RHSA-2014-1307.html	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.