Lucene search
HistoryMar 16, 2014 - 2:06 p.m.
CVE-2014-1703
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.1 Medium
AI Score
Confidence
Low
0.009 Low
EPSS
Percentile
83.1%
Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/renderer_host/websocket_dispatcher_host.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mechanism by leveraging an incorrect deletion in a certain failure case.
Affected configurations
Node
googlechromeRange≤33.0.1750.146
ORgooglechromeMatch33.0.1750.0
ORgooglechromeMatch33.0.1750.1
ORgooglechromeMatch33.0.1750.2
ORgooglechromeMatch33.0.1750.3
ORgooglechromeMatch33.0.1750.4
ORgooglechromeMatch33.0.1750.5
ORgooglechromeMatch33.0.1750.6
ORgooglechromeMatch33.0.1750.7
ORgooglechromeMatch33.0.1750.8
ORgooglechromeMatch33.0.1750.9
ORgooglechromeMatch33.0.1750.10
ORgooglechromeMatch33.0.1750.11
ORgooglechromeMatch33.0.1750.12
ORgooglechromeMatch33.0.1750.13
ORgooglechromeMatch33.0.1750.14
ORgooglechromeMatch33.0.1750.15
ORgooglechromeMatch33.0.1750.16
ORgooglechromeMatch33.0.1750.18
ORgooglechromeMatch33.0.1750.19
ORgooglechromeMatch33.0.1750.20
ORgooglechromeMatch33.0.1750.21
ORgooglechromeMatch33.0.1750.22
ORgooglechromeMatch33.0.1750.23
ORgooglechromeMatch33.0.1750.24
ORgooglechromeMatch33.0.1750.25
ORgooglechromeMatch33.0.1750.26
ORgooglechromeMatch33.0.1750.27
ORgooglechromeMatch33.0.1750.28
ORgooglechromeMatch33.0.1750.29
ORgooglechromeMatch33.0.1750.30
ORgooglechromeMatch33.0.1750.31
ORgooglechromeMatch33.0.1750.34
ORgooglechromeMatch33.0.1750.35
ORgooglechromeMatch33.0.1750.36
ORgooglechromeMatch33.0.1750.37
ORgooglechromeMatch33.0.1750.38
ORgooglechromeMatch33.0.1750.39
ORgooglechromeMatch33.0.1750.40
ORgooglechromeMatch33.0.1750.41
ORgooglechromeMatch33.0.1750.42
ORgooglechromeMatch33.0.1750.43
ORgooglechromeMatch33.0.1750.44
ORgooglechromeMatch33.0.1750.45
ORgooglechromeMatch33.0.1750.46
ORgooglechromeMatch33.0.1750.47
ORgooglechromeMatch33.0.1750.48
ORgooglechromeMatch33.0.1750.49
ORgooglechromeMatch33.0.1750.50
ORgooglechromeMatch33.0.1750.51
ORgooglechromeMatch33.0.1750.52
ORgooglechromeMatch33.0.1750.53
ORgooglechromeMatch33.0.1750.54
ORgooglechromeMatch33.0.1750.55
ORgooglechromeMatch33.0.1750.56
ORgooglechromeMatch33.0.1750.57
ORgooglechromeMatch33.0.1750.58
ORgooglechromeMatch33.0.1750.59
ORgooglechromeMatch33.0.1750.60
ORgooglechromeMatch33.0.1750.61
ORgooglechromeMatch33.0.1750.62
ORgooglechromeMatch33.0.1750.63
ORgooglechromeMatch33.0.1750.64
ORgooglechromeMatch33.0.1750.65
ORgooglechromeMatch33.0.1750.66
ORgooglechromeMatch33.0.1750.67
ORgooglechromeMatch33.0.1750.68
ORgooglechromeMatch33.0.1750.69
ORgooglechromeMatch33.0.1750.70
ORgooglechromeMatch33.0.1750.71
ORgooglechromeMatch33.0.1750.73
ORgooglechromeMatch33.0.1750.74
ORgooglechromeMatch33.0.1750.75
ORgooglechromeMatch33.0.1750.76
ORgooglechromeMatch33.0.1750.77
ORgooglechromeMatch33.0.1750.79
ORgooglechromeMatch33.0.1750.80
ORgooglechromeMatch33.0.1750.81
ORgooglechromeMatch33.0.1750.82
ORgooglechromeMatch33.0.1750.83
ORgooglechromeMatch33.0.1750.85
ORgooglechromeMatch33.0.1750.88
ORgooglechromeMatch33.0.1750.89
ORgooglechromeMatch33.0.1750.90
ORgooglechromeMatch33.0.1750.91
ORgooglechromeMatch33.0.1750.92
ORgooglechromeMatch33.0.1750.93
ORgooglechromeMatch33.0.1750.104
ORgooglechromeMatch33.0.1750.106
ORgooglechromeMatch33.0.1750.107
ORgooglechromeMatch33.0.1750.108
ORgooglechromeMatch33.0.1750.109
ORgooglechromeMatch33.0.1750.110
ORgooglechromeMatch33.0.1750.111
ORgooglechromeMatch33.0.1750.112
ORgooglechromeMatch33.0.1750.113
ORgooglechromeMatch33.0.1750.115
ORgooglechromeMatch33.0.1750.116
ORgooglechromeMatch33.0.1750.117
ORgooglechromeMatch33.0.1750.124
ORgooglechromeMatch33.0.1750.125
ORgooglechromeMatch33.0.1750.126
ORgooglechromeMatch33.0.1750.132
ORgooglechromeMatch33.0.1750.133
ORgooglechromeMatch33.0.1750.135
ORgooglechromeMatch33.0.1750.136
ORgooglechromeMatch33.0.1750.144
References
googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html
lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html
security.gentoo.org/glsa/glsa-201408-16.xml
www.debian.org/security/2014/dsa-2883
www.securitytracker.com/id/1029914
code.google.com/p/chromium/issues/detail?id=338354
src.chromium.org/viewvc/chrome?revision=247627&view=revision
Related
cve
cve
CVE-2014-1703
2014-03-16 14:06:45
cvelist
cvelist
CVE-2014-1703
2014-03-16 10:00:00
ubuntucve
ubuntucve
CVE-2014-1703
2014-03-16 00:00:00
debiancve
debiancve
CVE-2014-1703
2014-03-16 14:06:00
prion
prion
Design/Logic Flaw
2014-03-16 14:06:00
threatpost
threatpost
Google Fixes Four High-Risk Flaws in Chrome Before Pwn2Own
2014-03-12 15:09:51
freebsd
freebsd
www/chromium --multiple vulnerabilities
2014-03-11 00:00:00
nessus
nessus
Google Chrome < 33.0.1750.149 Multiple Vulnerabilities (Mac OS X)
2014-03-11 00:00:00
Google Chrome < 33.0.1750.149 Multiple Vulnerabilities
2014-03-11 00:00:00
openvas
openvas
Google Chrome Multiple Vulnerabilities-02 (Mar 2014) - Mac OS X
2014-03-19 00:00:00
Google Chrome Multiple Vulnerabilities-02 (Mar 2014) - Windows
2014-03-19 00:00:00
Google Chrome Multiple Vulnerabilities-02 (Mar 2014) - Linux
2014-03-19 00:00:00
chrome
chrome
Stable Channel Update
2014-03-11 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerabilities
2014-03-19 21:33:30
suse
suse
chromium to 33.0.1750.152 stable release (important)
2014-04-09 19:04:26
debian
debian
[SECURITY] [DSA 2883-1] chromium-browser security update
2014-03-24 01:02:13
[SECURITY] [DSA 2883-1] chromium-browser security update
2014-03-24 01:02:13
securityvulns
securityvulns
[SECURITY] [DSA 2883-1] chromium-browser security update
2014-03-25 00:00:00
Chromium / Google Chrome multiple security vulnerabilities
2014-03-27 00:00:00
osv
osv
chromium-browser - security update
2014-03-23 00:00:00
gentoo
gentoo
Chromium: Multiple vulnerabilities
2014-08-30 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
6.1 Medium
AI Score
Confidence
Low
0.009 Low
EPSS
Percentile
83.1%
Related for NVD:CVE-2014-1703