Lucene search

K

ChromeCVELIST:CVE-2014-3160

HistoryJul 20, 2014 - 10:00 a.m.

CVE-2014-3160

2014-07-2010:00:00

Chrome

www.cve.org

5.8 Medium

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.2%

The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file.

References

googlechromereleases.blogspot.com/2014/07/stable-channel-update.html

secunia.com/advisories/60061

secunia.com/advisories/60372

security.gentoo.org/glsa/glsa-201408-16.xml

www.debian.org/security/2014/dsa-3039

www.securityfocus.com/bid/68677

code.google.com/p/chromium/issues/detail?id=380885

src.chromium.org/viewvc/blink?revision=176084&view=revision

5.8 Medium

AI Score

Confidence

Low

0.014 Low

EPSS

Percentile

86.2%

Related for CVELIST:CVE-2014-3160

ubuntucve1 cve1 nvd1 debiancve1 prion1 nessus7 openvas8 chrome1 freebsd1 suse1 securityvulns2 osv1 debian2 ubuntu1 gentoo1