CVSS2

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

Percentile: 90.9%

Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do
not properly handle the interaction of IPC and Google V8, which allows
remote attackers to execute arbitrary code via vectors involving JSON data,
related to improper parsing of an escaped index by ParseJsonObject in
json-parser.h.
Author | Note |
---|---|
seth-arnold | I didn’t find a json-parser.h or ParseJsonObject via codesearch |
mikesalvatore | The Ubuntu Security Team does not support libv8 |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 17.10 | noarch | chromium-browser | < 38.0.2125.111-0ubuntu1.1103 | UNKNOWN |
ubuntu | 18.04 | noarch | chromium-browser | < 38.0.2125.111-0ubuntu1.1103 | UNKNOWN |
ubuntu | 18.10 | noarch | chromium-browser | < 38.0.2125.111-0ubuntu1.1103 | UNKNOWN |
ubuntu | 14.04 | noarch | chromium-browser | < 38.0.2125.111-0ubuntu0.14.04.1.1061 | UNKNOWN |
ubuntu | 14.10 | noarch | chromium-browser | < 38.0.2125.111-0ubuntu0.14.10.1.1103 | UNKNOWN |
ubuntu | 15.04 | noarch | chromium-browser | < 38.0.2125.111-0ubuntu1.1103 | UNKNOWN |
ubuntu | 15.10 | noarch | chromium-browser | < 38.0.2125.111-0ubuntu1.1103 | UNKNOWN |
ubuntu | 16.04 | noarch | chromium-browser | < 38.0.2125.111-0ubuntu1.1103 | UNKNOWN |
ubuntu | 16.10 | noarch | chromium-browser | < 38.0.2125.111-0ubuntu1.1103 | UNKNOWN |
ubuntu | 17.04 | noarch | chromium-browser | < 38.0.2125.111-0ubuntu1.1103 | UNKNOWN |
googlechromereleases.blogspot.com/2014/10/stable-channel-update-for-chrome-os.html
googlechromereleases.blogspot.com/2014/10/stable-channel-update.html
code.google.com/p/v8/source/detail?r=24125
crbug.com/416449
launchpad.net/bugs/cve/CVE-2014-3188
nvd.nist.gov/vuln/detail/CVE-2014-3188
security-tracker.debian.org/tracker/CVE-2014-3188
ubuntu.com/security/notices/USN-2345-1
www.cve.org/CVERecord?id=CVE-2014-3188