Lucene search

PRIOn knowledge basePRION:CVE-2014-1730

HistoryApr 26, 2014 - 10:55 a.m.

Type confusion

2014-04-2610:55:00

PRIOn knowledge base

www.prio-n.com

6.7 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.9%

JSON

Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging “type confusion” and reading property values, related to i18n.js and runtime.cc.

CPENameOperatorVersion
chromelt34.0.1847.131
chromelt34.0.1847.132

CPE	Name	Operator	Version
	chrome	lt	34.0.1847.131
	chrome	lt	34.0.1847.132

References

lists.opensuse.org/opensuse-updates/2014-05/msg00049.html

lists.opensuse.org/opensuse-updates/2014-05/msg00050.html

secunia.com/advisories/58301

secunia.com/advisories/60372

security.gentoo.org/glsa/glsa-201408-16.xml

www.debian.org/security/2014/dsa-2920

code.google.com/p/chromium/issues/detail?id=354967

code.google.com/p/v8/source/detail?r=20375

code.google.com/p/v8/source/detail?r=20377

code.google.com/p/v8/source/detail?r=20388

code.google.com/p/v8/source/detail?r=20593

code.google.com/p/v8/source/detail?r=20595

googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html