Lucene search

[email protected]CVE-2014-9648

HistoryJan 27, 2015 - 8:01 p.m.

CVE-2014-9648

2015-01-2720:01:00

CWE-284

[email protected]

web.nvd.nist.gov

google chrome

android

cve-2014-9648

denial of service

remote attack

8.4 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

75.3%

JSON

components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service (loss of browser access to that site) via crafted JavaScript code, as demonstrated by pandora.com and the Pandora application, a different vulnerability than CVE-2015-1205.

CPENameOperatorVersion
google:chromegoogle chromele40.0.2214.85

CPE	Name	Operator	Version
google:chrome	google chrome	le	40.0.2214.85

References

googlechromereleases.blogspot.com/2015/01/stable-update.html

security.gentoo.org/glsa/glsa-201502-13.xml

code.google.com/p/chromium/issues/detail?id=331571

code.google.com/p/chromium/issues/detail?id=449894

8.4 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

75.3%

JSON

Related for CVE-2014-9648

ubuntucve7 debiancve7 prion7 cve6 openvas8 gentoo1 nessus9 mageia1 ubuntu1 securityvulns8 chrome1 archlinux1 freebsd1 redhat1 suse1 kaspersky1