Ubuntu.comUB:CVE-2014-1716CVE-2014-1716
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
77.6%
Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype
function in runtime.cc in Google V8, as used in Google Chrome before
34.0.1847.116, allows remote attackers to inject arbitrary web script or
HTML via unspecified vectors, aka “Universal XSS (UXSS).”
Notes
| Author | Note |
|---|---|
| chrisccoulson | Issue was fixed prior to Oxide r501, the first version to be included in an Ubuntu release |
| mikesalvatore | The Ubuntu Security Team does not support libv8 |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 12.04 | noarch | chromium-browser | < 34.0.1847.116-0ubuntu~1.12.04.0~pkg884 | UNKNOWN |
| ubuntu | 12.10 | noarch | chromium-browser | < 34.0.1847.116-0ubuntu~1.12.10.0~pkg900 | UNKNOWN |
| ubuntu | 13.10 | noarch | chromium-browser | < 34.0.1847.116-0ubuntu~1.13.10.0~pkg991 | UNKNOWN |
References
googlechromereleases.blogspot.com/2014/04/stable-channel-update.html
code.google.com/p/chromium/issues/detail?id=354123
code.google.com/p/v8/source/detail?r=20138
launchpad.net/bugs/cve/CVE-2014-1716
nvd.nist.gov/vuln/detail/CVE-2014-1716
security-tracker.debian.org/tracker/CVE-2014-1716
www.cve.org/CVERecord?id=CVE-2014-1716
Related
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.006 Low
EPSS
Percentile
77.6%