Lucene search
HistoryMar 16, 2014 - 2:06 p.m.
CVE-2014-1701
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.3 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
72.5%
The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS (UXSS) attacks via vectors involving events.
Affected configurations
Node
googlechromeRange≤33.0.1750.146
ORgooglechromeMatch33.0.1750.0
ORgooglechromeMatch33.0.1750.1
ORgooglechromeMatch33.0.1750.2
ORgooglechromeMatch33.0.1750.3
ORgooglechromeMatch33.0.1750.4
ORgooglechromeMatch33.0.1750.5
ORgooglechromeMatch33.0.1750.6
ORgooglechromeMatch33.0.1750.7
ORgooglechromeMatch33.0.1750.8
ORgooglechromeMatch33.0.1750.9
ORgooglechromeMatch33.0.1750.10
ORgooglechromeMatch33.0.1750.11
ORgooglechromeMatch33.0.1750.12
ORgooglechromeMatch33.0.1750.13
ORgooglechromeMatch33.0.1750.14
ORgooglechromeMatch33.0.1750.15
ORgooglechromeMatch33.0.1750.16
ORgooglechromeMatch33.0.1750.18
ORgooglechromeMatch33.0.1750.19
ORgooglechromeMatch33.0.1750.20
ORgooglechromeMatch33.0.1750.21
ORgooglechromeMatch33.0.1750.22
ORgooglechromeMatch33.0.1750.23
ORgooglechromeMatch33.0.1750.24
ORgooglechromeMatch33.0.1750.25
ORgooglechromeMatch33.0.1750.26
ORgooglechromeMatch33.0.1750.27
ORgooglechromeMatch33.0.1750.28
ORgooglechromeMatch33.0.1750.29
ORgooglechromeMatch33.0.1750.30
ORgooglechromeMatch33.0.1750.31
ORgooglechromeMatch33.0.1750.34
ORgooglechromeMatch33.0.1750.35
ORgooglechromeMatch33.0.1750.36
ORgooglechromeMatch33.0.1750.37
ORgooglechromeMatch33.0.1750.38
ORgooglechromeMatch33.0.1750.39
ORgooglechromeMatch33.0.1750.40
ORgooglechromeMatch33.0.1750.41
ORgooglechromeMatch33.0.1750.42
ORgooglechromeMatch33.0.1750.43
ORgooglechromeMatch33.0.1750.44
ORgooglechromeMatch33.0.1750.45
ORgooglechromeMatch33.0.1750.46
ORgooglechromeMatch33.0.1750.47
ORgooglechromeMatch33.0.1750.48
ORgooglechromeMatch33.0.1750.49
ORgooglechromeMatch33.0.1750.50
ORgooglechromeMatch33.0.1750.51
ORgooglechromeMatch33.0.1750.52
ORgooglechromeMatch33.0.1750.53
ORgooglechromeMatch33.0.1750.54
ORgooglechromeMatch33.0.1750.55
ORgooglechromeMatch33.0.1750.56
ORgooglechromeMatch33.0.1750.57
ORgooglechromeMatch33.0.1750.58
ORgooglechromeMatch33.0.1750.59
ORgooglechromeMatch33.0.1750.60
ORgooglechromeMatch33.0.1750.61
ORgooglechromeMatch33.0.1750.62
ORgooglechromeMatch33.0.1750.63
ORgooglechromeMatch33.0.1750.64
ORgooglechromeMatch33.0.1750.65
ORgooglechromeMatch33.0.1750.66
ORgooglechromeMatch33.0.1750.67
ORgooglechromeMatch33.0.1750.68
ORgooglechromeMatch33.0.1750.69
ORgooglechromeMatch33.0.1750.70
ORgooglechromeMatch33.0.1750.71
ORgooglechromeMatch33.0.1750.73
ORgooglechromeMatch33.0.1750.74
ORgooglechromeMatch33.0.1750.75
ORgooglechromeMatch33.0.1750.76
ORgooglechromeMatch33.0.1750.77
ORgooglechromeMatch33.0.1750.79
ORgooglechromeMatch33.0.1750.80
ORgooglechromeMatch33.0.1750.81
ORgooglechromeMatch33.0.1750.82
ORgooglechromeMatch33.0.1750.83
ORgooglechromeMatch33.0.1750.85
ORgooglechromeMatch33.0.1750.88
ORgooglechromeMatch33.0.1750.89
ORgooglechromeMatch33.0.1750.90
ORgooglechromeMatch33.0.1750.91
ORgooglechromeMatch33.0.1750.92
ORgooglechromeMatch33.0.1750.93
ORgooglechromeMatch33.0.1750.104
ORgooglechromeMatch33.0.1750.106
ORgooglechromeMatch33.0.1750.107
ORgooglechromeMatch33.0.1750.108
ORgooglechromeMatch33.0.1750.109
ORgooglechromeMatch33.0.1750.110
ORgooglechromeMatch33.0.1750.111
ORgooglechromeMatch33.0.1750.112
ORgooglechromeMatch33.0.1750.113
ORgooglechromeMatch33.0.1750.115
ORgooglechromeMatch33.0.1750.116
ORgooglechromeMatch33.0.1750.117
ORgooglechromeMatch33.0.1750.124
ORgooglechromeMatch33.0.1750.125
ORgooglechromeMatch33.0.1750.126
ORgooglechromeMatch33.0.1750.132
ORgooglechromeMatch33.0.1750.133
ORgooglechromeMatch33.0.1750.135
ORgooglechromeMatch33.0.1750.136
ORgooglechromeMatch33.0.1750.144
References
googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html
lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html
security.gentoo.org/glsa/glsa-201408-16.xml
www.debian.org/security/2014/dsa-2883
www.securitytracker.com/id/1029914
code.google.com/p/chromium/issues/detail?id=342618
src.chromium.org/viewvc/blink?revision=166999&view=revision
Related
cve
cve
CVE-2014-1701
2014-03-16 14:06:45
cvelist
cvelist
CVE-2014-1701
2014-03-16 10:00:00
ubuntucve
ubuntucve
CVE-2014-1701
2014-03-16 00:00:00
debiancve
debiancve
CVE-2014-1701
2014-03-16 14:06:00
prion
prion
Session fixation
2014-03-16 14:06:00
threatpost
threatpost
Google Fixes Four High-Risk Flaws in Chrome Before Pwn2Own
2014-03-12 15:09:51
nessus
nessus
Google Chrome < 33.0.1750.149 Multiple Vulnerabilities
2014-03-11 00:00:00
Google Chrome < 33.0.1750.149 Multiple Vulnerabilities (Mac OS X)
2014-03-11 00:00:00
openvas
openvas
Google Chrome Multiple Vulnerabilities-02 (Mar 2014) - Mac OS X
2014-03-19 00:00:00
Google Chrome Multiple Vulnerabilities-02 (Mar 2014) - Windows
2014-03-19 00:00:00
Google Chrome Multiple Vulnerabilities-02 (Mar 2014) - Linux
2014-03-19 00:00:00
chrome
chrome
Stable Channel Update
2014-03-11 00:00:00
freebsd
freebsd
www/chromium --multiple vulnerabilities
2014-03-11 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerabilities
2014-03-19 21:33:30
suse
suse
chromium to 33.0.1750.152 stable release (important)
2014-04-09 19:04:26
securityvulns
securityvulns
Chromium / Google Chrome multiple security vulnerabilities
2014-03-27 00:00:00
[SECURITY] [DSA 2883-1] chromium-browser security update
2014-03-25 00:00:00
debian
debian
[SECURITY] [DSA 2883-1] chromium-browser security update
2014-03-24 01:02:13
[SECURITY] [DSA 2883-1] chromium-browser security update
2014-03-24 01:02:13
osv
osv
chromium-browser - security update
2014-03-23 00:00:00
gentoo
gentoo
Chromium: Multiple vulnerabilities
2014-08-30 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
5.3 Medium
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
72.5%
Related for NVD:CVE-2014-1701