CVE-2014-1730

Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.

CVSS v2.0 7.8 HIGH

7.8^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html
http://secunia.com/advisories/58301
http://secunia.com/advisories/60372
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://www.debian.org/security/2014/dsa-2920
https://code.google.com/p/chromium/issues/detail?id=354967
https://code.google.com/p/v8/source/detail?r=20375
https://code.google.com/p/v8/source/detail?r=20377
https://code.google.com/p/v8/source/detail?r=20388
https://code.google.com/p/v8/source/detail?r=20593
https://code.google.com/p/v8/source/detail?r=20595
http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html
http://secunia.com/advisories/58301
http://secunia.com/advisories/60372
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://www.debian.org/security/2014/dsa-2920
https://code.google.com/p/chromium/issues/detail?id=354967
https://code.google.com/p/v8/source/detail?r=20375
https://code.google.com/p/v8/source/detail?r=20377
https://code.google.com/p/v8/source/detail?r=20388
https://code.google.com/p/v8/source/detail?r=20593
https://code.google.com/p/v8/source/detail?r=20595

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:mac_os_x:-:::::::*
	cpe:2.3:o:microsoft:windows:-:::::::*

Configuration 2 (hide)

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

History

21 Nov 2024, 02:04

Type	Values Removed	Values Added
References	~~() http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html -~~	() http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html -
References	~~() http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html -~~	() http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html -
References	~~() http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html -~~	() http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html -
References	~~() http://secunia.com/advisories/58301 -~~	() http://secunia.com/advisories/58301 -
References	~~() http://secunia.com/advisories/60372 -~~	() http://secunia.com/advisories/60372 -
References	~~() http://security.gentoo.org/glsa/glsa-201408-16.xml -~~	() http://security.gentoo.org/glsa/glsa-201408-16.xml -
References	~~() http://www.debian.org/security/2014/dsa-2920 -~~	() http://www.debian.org/security/2014/dsa-2920 -
References	~~() https://code.google.com/p/chromium/issues/detail?id=354967 -~~	() https://code.google.com/p/chromium/issues/detail?id=354967 -
References	~~() https://code.google.com/p/v8/source/detail?r=20375 -~~	() https://code.google.com/p/v8/source/detail?r=20375 -
References	~~() https://code.google.com/p/v8/source/detail?r=20377 -~~	() https://code.google.com/p/v8/source/detail?r=20377 -
References	~~() https://code.google.com/p/v8/source/detail?r=20388 -~~	() https://code.google.com/p/v8/source/detail?r=20388 -
References	~~() https://code.google.com/p/v8/source/detail?r=20593 -~~	() https://code.google.com/p/v8/source/detail?r=20593 -
References	~~() https://code.google.com/p/v8/source/detail?r=20595 -~~	() https://code.google.com/p/v8/source/detail?r=20595 -

07 Nov 2023, 02:19

Type	Values Removed	Values Added
References	~~(SECUNIA) http://secunia.com/advisories/60372 - Broken Link~~	() http://secunia.com/advisories/60372 -
References	~~(CONFIRM) https://code.google.com/p/v8/source/detail?r=20593 - Vendor Advisory~~	() https://code.google.com/p/v8/source/detail?r=20593 -
References	~~(CONFIRM) https://code.google.com/p/v8/source/detail?r=20375 - Vendor Advisory~~	() https://code.google.com/p/v8/source/detail?r=20375 -
References	~~(SUSE) http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html - Broken Link~~	() http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html -
References	~~(CONFIRM) https://code.google.com/p/chromium/issues/detail?id=354967 - Permissions Required~~	() https://code.google.com/p/chromium/issues/detail?id=354967 -
References	~~(SUSE) http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html - Broken Link~~	() http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html -
References	~~(CONFIRM) https://code.google.com/p/v8/source/detail?r=20388 - Vendor Advisory~~	() https://code.google.com/p/v8/source/detail?r=20388 -
References	~~(CONFIRM) https://code.google.com/p/v8/source/detail?r=20377 - Vendor Advisory~~	() https://code.google.com/p/v8/source/detail?r=20377 -
References	~~(GENTOO) http://security.gentoo.org/glsa/glsa-201408-16.xml - Third Party Advisory~~	() http://security.gentoo.org/glsa/glsa-201408-16.xml -
References	~~(SECUNIA) http://secunia.com/advisories/58301 - Broken Link, Vendor Advisory~~	() http://secunia.com/advisories/58301 -
References	~~(CONFIRM) http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html - Broken Link, Release Notes, Vendor Advisory~~	() http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html -
References	~~(DEBIAN) http://www.debian.org/security/2014/dsa-2920 - Third Party Advisory~~	() http://www.debian.org/security/2014/dsa-2920 -
References	~~(CONFIRM) https://code.google.com/p/v8/source/detail?r=20595 - Vendor Advisory~~	() https://code.google.com/p/v8/source/detail?r=20595 -

Information

Published : 2014-04-26 10:55

Updated : 2024-11-21 02:04

NVD link : CVE-2014-1730

Mitre link : CVE-2014-1730

CVE.ORG link : CVE-2014-1730

JSON object : View

Products Affected

apple

mac_os_x

linux

linux_kernel

microsoft

windows

google

chrome

CWE

CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')

7.8 /10