Lucene search
HistoryMay 21, 2014 - 11:14 a.m.
CVE-2014-1747
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
4.7
Confidence
High
EPSS
0.003
Percentile
69.9%
Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka “Universal XSS (UXSS).”
Affected configurations
Node
googlechromeRange≤35.0.1916.113
ORgooglechromeMatch35.0.1916.0
ORgooglechromeMatch35.0.1916.1
ORgooglechromeMatch35.0.1916.2
ORgooglechromeMatch35.0.1916.3
ORgooglechromeMatch35.0.1916.4
ORgooglechromeMatch35.0.1916.5
ORgooglechromeMatch35.0.1916.6
ORgooglechromeMatch35.0.1916.7
ORgooglechromeMatch35.0.1916.8
ORgooglechromeMatch35.0.1916.9
ORgooglechromeMatch35.0.1916.10
ORgooglechromeMatch35.0.1916.11
ORgooglechromeMatch35.0.1916.13
ORgooglechromeMatch35.0.1916.14
ORgooglechromeMatch35.0.1916.15
ORgooglechromeMatch35.0.1916.17
ORgooglechromeMatch35.0.1916.18
ORgooglechromeMatch35.0.1916.19
ORgooglechromeMatch35.0.1916.20
ORgooglechromeMatch35.0.1916.21
ORgooglechromeMatch35.0.1916.22
ORgooglechromeMatch35.0.1916.23
ORgooglechromeMatch35.0.1916.27
ORgooglechromeMatch35.0.1916.31
ORgooglechromeMatch35.0.1916.32
ORgooglechromeMatch35.0.1916.33
ORgooglechromeMatch35.0.1916.34
ORgooglechromeMatch35.0.1916.35
ORgooglechromeMatch35.0.1916.36
ORgooglechromeMatch35.0.1916.37
ORgooglechromeMatch35.0.1916.38
ORgooglechromeMatch35.0.1916.39
ORgooglechromeMatch35.0.1916.40
ORgooglechromeMatch35.0.1916.41
ORgooglechromeMatch35.0.1916.42
ORgooglechromeMatch35.0.1916.43
ORgooglechromeMatch35.0.1916.44
ORgooglechromeMatch35.0.1916.45
ORgooglechromeMatch35.0.1916.46
ORgooglechromeMatch35.0.1916.47
ORgooglechromeMatch35.0.1916.48
ORgooglechromeMatch35.0.1916.49
ORgooglechromeMatch35.0.1916.51
ORgooglechromeMatch35.0.1916.52
ORgooglechromeMatch35.0.1916.54
ORgooglechromeMatch35.0.1916.56
ORgooglechromeMatch35.0.1916.57
ORgooglechromeMatch35.0.1916.59
ORgooglechromeMatch35.0.1916.61
ORgooglechromeMatch35.0.1916.68
ORgooglechromeMatch35.0.1916.69
ORgooglechromeMatch35.0.1916.71
ORgooglechromeMatch35.0.1916.72
ORgooglechromeMatch35.0.1916.74
ORgooglechromeMatch35.0.1916.77
ORgooglechromeMatch35.0.1916.80
ORgooglechromeMatch35.0.1916.82
ORgooglechromeMatch35.0.1916.84
ORgooglechromeMatch35.0.1916.85
ORgooglechromeMatch35.0.1916.86
ORgooglechromeMatch35.0.1916.88
ORgooglechromeMatch35.0.1916.90
ORgooglechromeMatch35.0.1916.92
ORgooglechromeMatch35.0.1916.93
ORgooglechromeMatch35.0.1916.95
ORgooglechromeMatch35.0.1916.96
ORgooglechromeMatch35.0.1916.98
ORgooglechromeMatch35.0.1916.99
ORgooglechromeMatch35.0.1916.101
ORgooglechromeMatch35.0.1916.103
ORgooglechromeMatch35.0.1916.104
ORgooglechromeMatch35.0.1916.105
ORgooglechromeMatch35.0.1916.106
ORgooglechromeMatch35.0.1916.107
ORgooglechromeMatch35.0.1916.108
ORgooglechromeMatch35.0.1916.109
ORgooglechromeMatch35.0.1916.110
ORgooglechromeMatch35.0.1916.111
ORgooglechromeMatch35.0.1916.112
| Vendor | Product | Version | CPE |
|---|---|---|---|
| chrome | * | cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* | |
| chrome | 35.0.1916.0 | cpe:2.3:a:google:chrome:35.0.1916.0:*:*:*:*:*:*:* | |
| chrome | 35.0.1916.1 | cpe:2.3:a:google:chrome:35.0.1916.1:*:*:*:*:*:*:* | |
| chrome | 35.0.1916.2 | cpe:2.3:a:google:chrome:35.0.1916.2:*:*:*:*:*:*:* | |
| chrome | 35.0.1916.3 | cpe:2.3:a:google:chrome:35.0.1916.3:*:*:*:*:*:*:* | |
| chrome | 35.0.1916.4 | cpe:2.3:a:google:chrome:35.0.1916.4:*:*:*:*:*:*:* | |
| chrome | 35.0.1916.5 | cpe:2.3:a:google:chrome:35.0.1916.5:*:*:*:*:*:*:* | |
| chrome | 35.0.1916.6 | cpe:2.3:a:google:chrome:35.0.1916.6:*:*:*:*:*:*:* | |
| chrome | 35.0.1916.7 | cpe:2.3:a:google:chrome:35.0.1916.7:*:*:*:*:*:*:* | |
| chrome | 35.0.1916.8 | cpe:2.3:a:google:chrome:35.0.1916.8:*:*:*:*:*:*:* |
References
googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html
lists.opensuse.org/opensuse-updates/2014-06/msg00023.html
secunia.com/advisories/58920
secunia.com/advisories/59155
security.gentoo.org/glsa/glsa-201408-16.xml
www.debian.org/security/2014/dsa-2939
www.securitytracker.com/id/1030270
code.google.com/p/chromium/issues/detail?id=330663
src.chromium.org/viewvc/blink?revision=169499&view=revision
Related
prion
prion
Cross site scripting
2014-05-21 11:14:00
ubuntucve
ubuntucve
CVE-2014-1747
2014-05-21 00:00:00
cvelist
cvelist
CVE-2014-1747
2014-05-21 10:00:00
debiancve
debiancve
CVE-2014-1747
2014-05-21 11:14:00
cve
cve
CVE-2014-1747
2014-05-21 11:14:09
threatpost
threatpost
Chrome 35 Fixes 23 Security Flaws
2014-05-20 14:11:21
nessus
nessus
FreeBSD : chromium -- multiple vulnerabilities (64f3872b-e05d-11e3-9dd4-00262d5ed8ee)
2014-05-21 00:00:00
Debian DSA-2939-1 : chromium-browser - security update
2014-06-02 00:00:00
Google Chrome < 35.0.1916.114 Multiple Vulnerabilities
2014-05-22 00:00:00
chrome
chrome
Stable Channel Update
2014-05-20 00:00:00
debian
debian
[SECURITY] [DSA 2939-1] chromium-browser security update
2014-05-31 07:27:02
[SECURITY] [DSA 2939-1] chromium-browser security update
2014-05-31 07:27:02
kaspersky
kaspersky
KLA10007 Multiple vulnerabilities in Google Chrome
2014-05-20 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2014-05-20 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 2939-1] chromium-browser security update
2014-06-09 00:00:00
Google Chrome / Chromium multiple security vulnerabilities
2014-06-09 00:00:00
openvas
openvas
Debian Security Advisory DSA 2939-1 (chromium-browser - security update)
2014-05-31 00:00:00
Google Chrome Multiple Vulnerabilities - 01 (Jun 2014) - Mac OS X
2014-06-04 00:00:00
Google Chrome Multiple Vulnerabilities - 01 (Jun 2014) - Linux
2014-06-04 00:00:00
osv
osv
chromium-browser - security update
2014-05-31 00:00:00
gentoo
gentoo
Chromium: Multiple vulnerabilities
2014-08-30 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
4.7
Confidence
High
EPSS
0.003
Percentile
69.9%
Related for NVD:CVE-2014-1747