Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdiVUPENZDI-14-086
HistoryApr 11, 2014 - 12:00 a.m.

(Pwn2Own) Google Chrome Blink Use-After-Free Remote Code Execution Vulnerability

2014-04-1100:00:00
VUPEN
www.zerodayinitiative.com
35

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.03 Low

EPSS

Percentile

90.8%

JSON

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Google Chrome. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling of Blink bindings. By manipulating a document’s elements an attacker can force a dangling pointer to be reused after it has been freed. An attacker can leverage this vulnerability to execute code under the context of the current process.

Related

ubuntucve 1
prion 1
cve 1
checkpoint_advisories 1
debiancve 1
seebug 1
thn 1
nessus 17
threatpost 1
freebsd 1
chrome 2
openvas 9
mageia 1
suse 1
securityvulns 11
debian 2
osv 1
gentoo 1
ubuntucve
ubuntucve
CVE-2014-1713
2014-03-16 00:00:00
prion
prion
Design/Logic Flaw
2014-03-16 14:06:00
cve
cve
CVE-2014-1713
2014-03-16 14:06:00
checkpoint_advisories
checkpoint_advisories
Google Chrome locationAttributeSetter Use After Free (CVE-2014-1713)
2014-09-11 00:00:00
debiancve
debiancve
CVE-2014-1713
2014-03-16 14:06:00
seebug
seebug
Google Chromeι‡Šζ”ΎεŽδ½Ώη”¨δ»»ζ„δ»£η ζ‰§θ‘ŒζΌζ΄ž
2014-03-18 00:00:00
thn
thn
Update Your Safari Browser to Patch Two Dozen of Critical Vulnerabilities
2014-04-02 22:43:00
nessus
nessus
Google Chrome for Android < 33.0.1750.166 Multiple Vulnerabilities
2014-05-01 00:00:00
Google Chrome < 33.0.1750.154 Multiple Vulnerabilities
2014-03-18 00:00:00
Google Chrome < 33.0.1750.154 (Win) Multiple Vulnerabilities
2014-03-18 00:00:00
threatpost
threatpost
Google Patches Four Pwn2Own Bugs in Chrome 33
2014-03-17 11:24:53
freebsd
freebsd
www/chromium -- multiple vulnerabilities
2014-03-14 00:00:00
chrome
chrome
Stable Channel Update
2014-03-14 00:00:00
Stable Channel Update for Chrome OS
2014-03-14 00:00:00
openvas
openvas
Google Chrome Multiple Vulnerabilities-03 (Mar 2014) - Linux
2014-03-19 00:00:00
Google Chrome Multiple Vulnerabilities-03 (Mar 2014) - Mac OS X
2014-03-19 00:00:00
Google Chrome Multiple Vulnerabilities-03 (Mar 2014) - Windows
2014-03-19 00:00:00
mageia
mageia
Updated chromium-browser-stable packages fix security vulnerabilities
2014-03-19 21:33:30
suse
suse
chromium to 33.0.1750.152 stable release (important)
2014-04-09 19:04:26
securityvulns
securityvulns
Apple iOS multiple security vulnerabilities
2014-05-04 00:00:00
APPLE-SA-2014-04-22-3 Apple TV 6.1.1
2014-05-04 00:00:00
APPLE-SA-2014-04-22-2 iOS 7.1.1
2014-05-04 00:00:00
debian
debian
[SECURITY] [DSA 2883-1] chromium-browser security update
2014-03-24 01:02:38
[SECURITY] [DSA 2883-1] chromium-browser security update
2014-03-24 01:02:13
osv
osv
chromium-browser - security update
2014-03-23 00:00:00
gentoo
gentoo
Chromium: Multiple vulnerabilities
2014-08-30 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.03 Low

EPSS

Percentile

90.8%

JSON
Related for ZDI-14-086
ubuntucve1prion1cve1checkpoint_advisories1debiancve1seebug1thn1nessus17threatpost1freebsd1chrome2openvas9mageia1suse1securityvulns11debian2osv1gentoo1