Lucene search
ChromeCVE-2014-3170HistoryAug 27, 2014 - 1:55 a.m.
CVE-2014-3170
2014-08-2701:55:05
CWE-264
Chrome
web.nvd.nist.gov
39
google chrome
security vulnerability
remote attack
extension permission spoofing
cve-2014-3170
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
5.9
Confidence
Low
EPSS
0.005
Percentile
77.1%
extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a ‘\0’ character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character.
Affected configurations
Node
googlechromeRange≤37.0.2062.93
ORgooglechromeMatch37.0.2062.0
ORgooglechromeMatch37.0.2062.1
ORgooglechromeMatch37.0.2062.2
ORgooglechromeMatch37.0.2062.3
ORgooglechromeMatch37.0.2062.4
ORgooglechromeMatch37.0.2062.5
ORgooglechromeMatch37.0.2062.6
ORgooglechromeMatch37.0.2062.7
ORgooglechromeMatch37.0.2062.8
ORgooglechromeMatch37.0.2062.9
ORgooglechromeMatch37.0.2062.10
ORgooglechromeMatch37.0.2062.11
ORgooglechromeMatch37.0.2062.12
ORgooglechromeMatch37.0.2062.13
ORgooglechromeMatch37.0.2062.14
ORgooglechromeMatch37.0.2062.15
ORgooglechromeMatch37.0.2062.16
ORgooglechromeMatch37.0.2062.17
ORgooglechromeMatch37.0.2062.18
ORgooglechromeMatch37.0.2062.19
ORgooglechromeMatch37.0.2062.20
ORgooglechromeMatch37.0.2062.21
ORgooglechromeMatch37.0.2062.22
ORgooglechromeMatch37.0.2062.23
ORgooglechromeMatch37.0.2062.24
ORgooglechromeMatch37.0.2062.25
ORgooglechromeMatch37.0.2062.26
ORgooglechromeMatch37.0.2062.27
ORgooglechromeMatch37.0.2062.28
ORgooglechromeMatch37.0.2062.29
ORgooglechromeMatch37.0.2062.30
ORgooglechromeMatch37.0.2062.31
ORgooglechromeMatch37.0.2062.32
ORgooglechromeMatch37.0.2062.33
ORgooglechromeMatch37.0.2062.34
ORgooglechromeMatch37.0.2062.35
ORgooglechromeMatch37.0.2062.36
ORgooglechromeMatch37.0.2062.37
ORgooglechromeMatch37.0.2062.39
ORgooglechromeMatch37.0.2062.43
ORgooglechromeMatch37.0.2062.44
ORgooglechromeMatch37.0.2062.45
ORgooglechromeMatch37.0.2062.46
ORgooglechromeMatch37.0.2062.47
ORgooglechromeMatch37.0.2062.48
ORgooglechromeMatch37.0.2062.49
ORgooglechromeMatch37.0.2062.50
ORgooglechromeMatch37.0.2062.51
ORgooglechromeMatch37.0.2062.52
ORgooglechromeMatch37.0.2062.53
ORgooglechromeMatch37.0.2062.54
ORgooglechromeMatch37.0.2062.55
ORgooglechromeMatch37.0.2062.56
ORgooglechromeMatch37.0.2062.57
ORgooglechromeMatch37.0.2062.58
ORgooglechromeMatch37.0.2062.59
ORgooglechromeMatch37.0.2062.60
ORgooglechromeMatch37.0.2062.61
ORgooglechromeMatch37.0.2062.62
ORgooglechromeMatch37.0.2062.63
ORgooglechromeMatch37.0.2062.64
ORgooglechromeMatch37.0.2062.65
ORgooglechromeMatch37.0.2062.66
ORgooglechromeMatch37.0.2062.67
ORgooglechromeMatch37.0.2062.68
ORgooglechromeMatch37.0.2062.69
ORgooglechromeMatch37.0.2062.70
ORgooglechromeMatch37.0.2062.71
ORgooglechromeMatch37.0.2062.72
ORgooglechromeMatch37.0.2062.73
ORgooglechromeMatch37.0.2062.74
ORgooglechromeMatch37.0.2062.75
ORgooglechromeMatch37.0.2062.76
ORgooglechromeMatch37.0.2062.77
ORgooglechromeMatch37.0.2062.78
ORgooglechromeMatch37.0.2062.80
ORgooglechromeMatch37.0.2062.81
ORgooglechromeMatch37.0.2062.89
ORgooglechromeMatch37.0.2062.90
ORgooglechromeMatch37.0.2062.91
ORgooglechromeMatch37.0.2062.92
| Vendor | Product | Version | CPE |
|---|---|---|---|
| chrome | * | cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* | |
| chrome | 37.0.2062.0 | cpe:2.3:a:google:chrome:37.0.2062.0:*:*:*:*:*:*:* | |
| chrome | 37.0.2062.1 | cpe:2.3:a:google:chrome:37.0.2062.1:*:*:*:*:*:*:* | |
| chrome | 37.0.2062.2 | cpe:2.3:a:google:chrome:37.0.2062.2:*:*:*:*:*:*:* | |
| chrome | 37.0.2062.3 | cpe:2.3:a:google:chrome:37.0.2062.3:*:*:*:*:*:*:* | |
| chrome | 37.0.2062.4 | cpe:2.3:a:google:chrome:37.0.2062.4:*:*:*:*:*:*:* | |
| chrome | 37.0.2062.5 | cpe:2.3:a:google:chrome:37.0.2062.5:*:*:*:*:*:*:* | |
| chrome | 37.0.2062.6 | cpe:2.3:a:google:chrome:37.0.2062.6:*:*:*:*:*:*:* | |
| chrome | 37.0.2062.7 | cpe:2.3:a:google:chrome:37.0.2062.7:*:*:*:*:*:*:* | |
| chrome | 37.0.2062.8 | cpe:2.3:a:google:chrome:37.0.2062.8:*:*:*:*:*:*:* |
References
googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html
lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html
secunia.com/advisories/60268
secunia.com/advisories/61482
security.gentoo.org/glsa/glsa-201408-16.xml
www.debian.org/security/2014/dsa-3039
www.securityfocus.com/bid/69400
www.securitytracker.com/id/1030767
crbug.com/390624
exchange.xforce.ibmcloud.com/vulnerabilities/95470
src.chromium.org/viewvc/chrome?revision=285492&view=revision
Related
prion
prion
Code injection
2014-08-27 01:55:00
ubuntucve
ubuntucve
CVE-2014-3170
2014-08-27 00:00:00
debiancve
debiancve
CVE-2014-3170
2014-08-27 01:55:00
cvelist
cvelist
CVE-2014-3170
2014-08-27 01:00:00
nvd
nvd
CVE-2014-3170
2014-08-27 01:55:05
nessus
nessus
Google Chrome < 37.0.2062.94 Multiple Vulnerabilities
2014-08-26 00:00:00
openSUSE Security Update : chromium (openSUSE-SU-2014:1151-1)
2014-09-23 00:00:00
threatpost
threatpost
50 Security Flaws Fixed in Google Chrome
2014-08-26 10:40:00
openvas
openvas
Google Chrome Multiple Vulnerabilities - 01 (Sep 2014) - Linux
2014-09-11 00:00:00
Google Chrome Multiple Vulnerabilities - 01 (Sep 2014) - Windows
2014-09-11 00:00:00
openSUSE: Security Advisory for chromium (openSUSE-SU-2014:1151-1)
2014-09-23 00:00:00
chrome
chrome
Stable Channel Update
2014-08-26 00:00:00
suse
suse
chromium to 37.0.2062.94 (important)
2014-09-22 15:04:25
freebsd
freebsd
chromium -- multiple vulnerabilities
2014-08-26 00:00:00
securityvulns
securityvulns
Google Chrome / Chromium multiple security vulnerabilities
2014-10-05 00:00:00
[SECURITY] [DSA 3039-1] chromium-browser security update
2014-10-05 00:00:00
osv
osv
chromium-browser - security update
2014-09-28 00:00:00
debian
debian
[SECURITY] [DSA 3039-1] chromium-browser security update
2014-09-28 18:48:40
[SECURITY] [DSA 3039-1] chromium-browser security update
2014-09-28 18:48:40
gentoo
gentoo
Chromium: Multiple vulnerabilities
2014-08-30 00:00:00
CVSS2
6.4
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
AI Score
5.9
Confidence
Low
EPSS
0.005
Percentile
77.1%
Related for CVE-2014-3170