Ubuntu.comUB:CVE-2014-9648CVE-2014-9648
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.005 Low
EPSS
Percentile
75.2%
components/navigation_interception/intercept_navigation_resource_throttle.cc
in Google Chrome before 40.0.2214.91 on Android does not properly restrict
use of intent: URLs to open an application after navigation to a web site,
which allows remote attackers to cause a denial of service (loss of browser
access to that site) via crafted JavaScript code, as demonstrated by
pandora.com and the Pandora application, a different vulnerability than
CVE-2015-1205.
Notes
| Author | Note |
|---|---|
| mdeslaur | maybe android specific |
References
googlechromereleases.blogspot.com/2015/01/stable-update.html
code.google.com/p/chromium/issues/detail?id=331571
code.google.com/p/chromium/issues/detail?id=449894
launchpad.net/bugs/cve/CVE-2014-9648
nvd.nist.gov/vuln/detail/CVE-2014-9648
security-tracker.debian.org/tracker/CVE-2014-9648
www.cve.org/CVERecord?id=CVE-2014-9648
Related
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.005 Low
EPSS
Percentile
75.2%