CVE-2014-3187

Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site.
Configurations

Configuration 1 (hide)

AND
OR cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.0:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.3:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.4:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.5:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.6:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.10:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.11:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.12:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.13:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.14:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.15:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.16:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.17:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.18:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.19:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.20:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.21:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.22:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.23:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.24:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.25:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.26:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.27:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.28:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.29:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.30:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.31:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.32:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.33:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.34:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.35:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.36:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.37:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.39:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.43:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.44:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.45:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.46:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.47:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.48:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.49:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.50:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.51:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.52:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.53:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.54:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.55:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.56:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.57:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:37.0.2062.58:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:38.0.2125.7:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:-:*:*:*:*:*:*:*

History

07 Nov 2023, 02:19

Type Values Removed Values Added
References (MISC) http://twitter.com/S9Labs/statuses/519576582742999043 - () http://twitter.com/S9Labs/statuses/519576582742999043 -
References (MISC) https://medium.com/section-9-lab/abusing-ios-url-handlers-on-messages-96979e8b12f5 - Exploit () https://medium.com/section-9-lab/abusing-ios-url-handlers-on-messages-96979e8b12f5 -
References (CONFIRM) http://googlechromereleases.blogspot.com/2014/10/chrome-for-ios-update.html - Vendor Advisory () http://googlechromereleases.blogspot.com/2014/10/chrome-for-ios-update.html -
References (CONFIRM) https://code.google.com/p/chromium/issues/detail?id=413831 - () https://code.google.com/p/chromium/issues/detail?id=413831 -

Information

Published : 2014-10-08 10:55

Updated : 2024-02-28 12:20


NVD link : CVE-2014-3187

Mitre link : CVE-2014-3187

CVE.ORG link : CVE-2014-3187


JSON object : View

Products Affected

google

  • chrome

apple

  • iphone_os
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')