Lucene search

[email protected]NVD:CVE-2014-3161

HistoryJul 20, 2014 - 11:12 a.m.

CVE-2014-3161

2014-07-2011:12:50

CWE-264

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.1

Confidence

Low

EPSS

0.003

Percentile

70.1%

JSON

The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream.

Affected configurations

Nvd

Node

googlechromeRange≤36.0.1985.106

googlechromeMatch36.0.1985.1

googlechromeMatch36.0.1985.2

googlechromeMatch36.0.1985.3

googlechromeMatch36.0.1985.4

googlechromeMatch36.0.1985.5

googlechromeMatch36.0.1985.6

googlechromeMatch36.0.1985.8

googlechromeMatch36.0.1985.12

googlechromeMatch36.0.1985.13

googlechromeMatch36.0.1985.14

googlechromeMatch36.0.1985.15

googlechromeMatch36.0.1985.16

googlechromeMatch36.0.1985.17

googlechromeMatch36.0.1985.18

googlechromeMatch36.0.1985.19

googlechromeMatch36.0.1985.20

googlechromeMatch36.0.1985.21

googlechromeMatch36.0.1985.22

googlechromeMatch36.0.1985.23

googlechromeMatch36.0.1985.24

googlechromeMatch36.0.1985.25

googlechromeMatch36.0.1985.26

googlechromeMatch36.0.1985.27

googlechromeMatch36.0.1985.28

googlechromeMatch36.0.1985.29

googlechromeMatch36.0.1985.30

googlechromeMatch36.0.1985.31

googlechromeMatch36.0.1985.32

googlechromeMatch36.0.1985.33

googlechromeMatch36.0.1985.34

googlechromeMatch36.0.1985.35

googlechromeMatch36.0.1985.36

googlechromeMatch36.0.1985.37

googlechromeMatch36.0.1985.38

googlechromeMatch36.0.1985.39

googlechromeMatch36.0.1985.40

googlechromeMatch36.0.1985.41

googlechromeMatch36.0.1985.42

googlechromeMatch36.0.1985.43

googlechromeMatch36.0.1985.44

googlechromeMatch36.0.1985.45

googlechromeMatch36.0.1985.46

googlechromeMatch36.0.1985.47

googlechromeMatch36.0.1985.48

googlechromeMatch36.0.1985.49

googlechromeMatch36.0.1985.50

googlechromeMatch36.0.1985.51

googlechromeMatch36.0.1985.52

googlechromeMatch36.0.1985.53

googlechromeMatch36.0.1985.54

googlechromeMatch36.0.1985.55

googlechromeMatch36.0.1985.56

googlechromeMatch36.0.1985.57

googlechromeMatch36.0.1985.58

googlechromeMatch36.0.1985.59

googlechromeMatch36.0.1985.60

googlechromeMatch36.0.1985.61

googlechromeMatch36.0.1985.62

googlechromeMatch36.0.1985.63

googlechromeMatch36.0.1985.64

googlechromeMatch36.0.1985.65

googlechromeMatch36.0.1985.66

googlechromeMatch36.0.1985.67

googlechromeMatch36.0.1985.68

googlechromeMatch36.0.1985.69

googlechromeMatch36.0.1985.70

googlechromeMatch36.0.1985.72

googlechromeMatch36.0.1985.73

googlechromeMatch36.0.1985.74

googlechromeMatch36.0.1985.75

googlechromeMatch36.0.1985.76

googlechromeMatch36.0.1985.77

googlechromeMatch36.0.1985.78

googlechromeMatch36.0.1985.79

googlechromeMatch36.0.1985.81

googlechromeMatch36.0.1985.82

googlechromeMatch36.0.1985.83

googlechromeMatch36.0.1985.84

googlechromeMatch36.0.1985.85

googlechromeMatch36.0.1985.86

googlechromeMatch36.0.1985.87

googlechromeMatch36.0.1985.88

googlechromeMatch36.0.1985.89

googlechromeMatch36.0.1985.90

googlechromeMatch36.0.1985.91

googlechromeMatch36.0.1985.92

googlechromeMatch36.0.1985.93

googlechromeMatch36.0.1985.94

googlechromeMatch36.0.1985.95

googlechromeMatch36.0.1985.96

googlechromeMatch36.0.1985.97

googlechromeMatch36.0.1985.98

googlechromeMatch36.0.1985.99

googlechromeMatch36.0.1985.100

googlechromeMatch36.0.1985.101

googlechromeMatch36.0.1985.102

googlechromeMatch36.0.1985.103

googlechromeMatch36.0.1985.104

googlechromeMatch36.0.1985.105

AND

googleandroid

VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
googlechrome36.0.1985.1cpe:2.3:a:google:chrome:36.0.1985.1:*:*:*:*:*:*:*
googlechrome36.0.1985.2cpe:2.3:a:google:chrome:36.0.1985.2:*:*:*:*:*:*:*
googlechrome36.0.1985.3cpe:2.3:a:google:chrome:36.0.1985.3:*:*:*:*:*:*:*
googlechrome36.0.1985.4cpe:2.3:a:google:chrome:36.0.1985.4:*:*:*:*:*:*:*
googlechrome36.0.1985.5cpe:2.3:a:google:chrome:36.0.1985.5:*:*:*:*:*:*:*
googlechrome36.0.1985.6cpe:2.3:a:google:chrome:36.0.1985.6:*:*:*:*:*:*:*
googlechrome36.0.1985.8cpe:2.3:a:google:chrome:36.0.1985.8:*:*:*:*:*:*:*
googlechrome36.0.1985.12cpe:2.3:a:google:chrome:36.0.1985.12:*:*:*:*:*:*:*
googlechrome36.0.1985.13cpe:2.3:a:google:chrome:36.0.1985.13:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	chrome	*	cpe:2.3:a:google:chrome::::::::
google	chrome	36.0.1985.1	cpe:2.3:a:google:chrome:36.0.1985.1:::::::*
google	chrome	36.0.1985.2	cpe:2.3:a:google:chrome:36.0.1985.2:::::::*
google	chrome	36.0.1985.3	cpe:2.3:a:google:chrome:36.0.1985.3:::::::*
google	chrome	36.0.1985.4	cpe:2.3:a:google:chrome:36.0.1985.4:::::::*
google	chrome	36.0.1985.5	cpe:2.3:a:google:chrome:36.0.1985.5:::::::*
google	chrome	36.0.1985.6	cpe:2.3:a:google:chrome:36.0.1985.6:::::::*
google	chrome	36.0.1985.8	cpe:2.3:a:google:chrome:36.0.1985.8:::::::*
google	chrome	36.0.1985.12	cpe:2.3:a:google:chrome:36.0.1985.12:::::::*
google	chrome	36.0.1985.13	cpe:2.3:a:google:chrome:36.0.1985.13:::::::*

Rows per page:

1-10 of 1011

References

googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html

code.google.com/p/chromium/issues/detail?id=334204

src.chromium.org/viewvc/chrome?revision=266396&view=revision

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

6.1

Confidence

Low

EPSS

0.003

Percentile

70.1%

JSON

Related for NVD:CVE-2014-3161

cvelist1 cve1 prion1 nessus1