CVE-2014-3174

Google Chrome < 37.0.2062.94 - Denial of Service via Web Audio API Biquad Filter Coefficient Update

Title source: llm
STIX 2.1

Description

modules/webaudio/BiquadDSPKernel.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 37.0.2062.94, does not properly consider concurrent threads during attempts to update biquad filter coefficients, which allows remote attackers to cause a denial of service (read of uninitialized memory) via crafted API calls.

References (12)

Core 12
Core References
Release Notes, Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60424
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61482
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201408-16.xml
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/95474
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/69407
Issue Tracking x_refsource_confirm
https://crbug.com/389219
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60268
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030767
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-3039

Scores

EPSS 0.0158
EPSS Percentile 72.7%

Details

CWE
CWE-119
Status published
Products (50)
google/chrome 37.0.2062.0
google/chrome 37.0.2062.1
google/chrome 37.0.2062.2
google/chrome 37.0.2062.3
google/chrome 37.0.2062.4
google/chrome 37.0.2062.5
google/chrome 37.0.2062.6
google/chrome 37.0.2062.7
google/chrome 37.0.2062.8
google/chrome 37.0.2062.9
... and 40 more
Published Aug 27, 2014
Tracked Since Feb 18, 2026