Lucene search
ChromeCVE-2014-3159HistoryJul 20, 2014 - 11:12 a.m.
CVE-2014-3159
2014-07-2011:12:50
CWE-20
Chrome
web.nvd.nist.gov
21
cve-2014-3159
google chrome
android
url spoofing
remote attackers
nvd
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
6.4
Confidence
Low
EPSS
0.002
Percentile
59.5%
The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors.
Affected configurations
Node
googlechromeRange≤36.0.1985.106
ORgooglechromeMatch36.0.1985.1
ORgooglechromeMatch36.0.1985.2
ORgooglechromeMatch36.0.1985.3
ORgooglechromeMatch36.0.1985.4
ORgooglechromeMatch36.0.1985.5
ORgooglechromeMatch36.0.1985.6
ORgooglechromeMatch36.0.1985.8
ORgooglechromeMatch36.0.1985.12
ORgooglechromeMatch36.0.1985.13
ORgooglechromeMatch36.0.1985.14
ORgooglechromeMatch36.0.1985.15
ORgooglechromeMatch36.0.1985.16
ORgooglechromeMatch36.0.1985.17
ORgooglechromeMatch36.0.1985.18
ORgooglechromeMatch36.0.1985.19
ORgooglechromeMatch36.0.1985.20
ORgooglechromeMatch36.0.1985.21
ORgooglechromeMatch36.0.1985.22
ORgooglechromeMatch36.0.1985.23
ORgooglechromeMatch36.0.1985.24
ORgooglechromeMatch36.0.1985.25
ORgooglechromeMatch36.0.1985.26
ORgooglechromeMatch36.0.1985.27
ORgooglechromeMatch36.0.1985.28
ORgooglechromeMatch36.0.1985.29
ORgooglechromeMatch36.0.1985.30
ORgooglechromeMatch36.0.1985.31
ORgooglechromeMatch36.0.1985.32
ORgooglechromeMatch36.0.1985.33
ORgooglechromeMatch36.0.1985.34
ORgooglechromeMatch36.0.1985.35
ORgooglechromeMatch36.0.1985.36
ORgooglechromeMatch36.0.1985.37
ORgooglechromeMatch36.0.1985.38
ORgooglechromeMatch36.0.1985.39
ORgooglechromeMatch36.0.1985.40
ORgooglechromeMatch36.0.1985.41
ORgooglechromeMatch36.0.1985.42
ORgooglechromeMatch36.0.1985.43
ORgooglechromeMatch36.0.1985.44
ORgooglechromeMatch36.0.1985.45
ORgooglechromeMatch36.0.1985.46
ORgooglechromeMatch36.0.1985.47
ORgooglechromeMatch36.0.1985.48
ORgooglechromeMatch36.0.1985.49
ORgooglechromeMatch36.0.1985.50
ORgooglechromeMatch36.0.1985.51
ORgooglechromeMatch36.0.1985.52
ORgooglechromeMatch36.0.1985.53
ORgooglechromeMatch36.0.1985.54
ORgooglechromeMatch36.0.1985.55
ORgooglechromeMatch36.0.1985.56
ORgooglechromeMatch36.0.1985.57
ORgooglechromeMatch36.0.1985.58
ORgooglechromeMatch36.0.1985.59
ORgooglechromeMatch36.0.1985.60
ORgooglechromeMatch36.0.1985.61
ORgooglechromeMatch36.0.1985.62
ORgooglechromeMatch36.0.1985.63
ORgooglechromeMatch36.0.1985.64
ORgooglechromeMatch36.0.1985.65
ORgooglechromeMatch36.0.1985.66
ORgooglechromeMatch36.0.1985.67
ORgooglechromeMatch36.0.1985.68
ORgooglechromeMatch36.0.1985.69
ORgooglechromeMatch36.0.1985.70
ORgooglechromeMatch36.0.1985.72
ORgooglechromeMatch36.0.1985.73
ORgooglechromeMatch36.0.1985.74
ORgooglechromeMatch36.0.1985.75
ORgooglechromeMatch36.0.1985.76
ORgooglechromeMatch36.0.1985.77
ORgooglechromeMatch36.0.1985.78
ORgooglechromeMatch36.0.1985.79
ORgooglechromeMatch36.0.1985.81
ORgooglechromeMatch36.0.1985.82
ORgooglechromeMatch36.0.1985.83
ORgooglechromeMatch36.0.1985.84
ORgooglechromeMatch36.0.1985.85
ORgooglechromeMatch36.0.1985.86
ORgooglechromeMatch36.0.1985.87
ORgooglechromeMatch36.0.1985.88
ORgooglechromeMatch36.0.1985.89
ORgooglechromeMatch36.0.1985.90
ORgooglechromeMatch36.0.1985.91
ORgooglechromeMatch36.0.1985.92
ORgooglechromeMatch36.0.1985.93
ORgooglechromeMatch36.0.1985.94
ORgooglechromeMatch36.0.1985.95
ORgooglechromeMatch36.0.1985.96
ORgooglechromeMatch36.0.1985.97
ORgooglechromeMatch36.0.1985.98
ORgooglechromeMatch36.0.1985.99
ORgooglechromeMatch36.0.1985.100
ORgooglechromeMatch36.0.1985.101
ORgooglechromeMatch36.0.1985.102
ORgooglechromeMatch36.0.1985.103
ORgooglechromeMatch36.0.1985.104
ORgooglechromeMatch36.0.1985.105
googleandroid
| Vendor | Product | Version | CPE |
|---|---|---|---|
| chrome | * | cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* | |
| chrome | 36.0.1985.1 | cpe:2.3:a:google:chrome:36.0.1985.1:*:*:*:*:*:*:* | |
| chrome | 36.0.1985.2 | cpe:2.3:a:google:chrome:36.0.1985.2:*:*:*:*:*:*:* | |
| chrome | 36.0.1985.3 | cpe:2.3:a:google:chrome:36.0.1985.3:*:*:*:*:*:*:* | |
| chrome | 36.0.1985.4 | cpe:2.3:a:google:chrome:36.0.1985.4:*:*:*:*:*:*:* | |
| chrome | 36.0.1985.5 | cpe:2.3:a:google:chrome:36.0.1985.5:*:*:*:*:*:*:* | |
| chrome | 36.0.1985.6 | cpe:2.3:a:google:chrome:36.0.1985.6:*:*:*:*:*:*:* | |
| chrome | 36.0.1985.8 | cpe:2.3:a:google:chrome:36.0.1985.8:*:*:*:*:*:*:* | |
| chrome | 36.0.1985.12 | cpe:2.3:a:google:chrome:36.0.1985.12:*:*:*:*:*:*:* | |
| chrome | 36.0.1985.13 | cpe:2.3:a:google:chrome:36.0.1985.13:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2014-3159
2014-07-20 10:00:00
prion
prion
Code injection
2014-07-20 11:12:00
nvd
nvd
CVE-2014-3159
2014-07-20 11:12:50
nessus
nessus
Google Chrome for Android < 36.0.1985.122 Multiple Vulnerabilities
2014-07-17 00:00:00
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
6.4
Confidence
Low
EPSS
0.002
Percentile
59.5%
Related for CVE-2014-3159