CVE-2014-3193

The SessionService::GetLastSession function in browser/sessions/session_service.cc in Google Chrome before 38.0.2125.101 allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via vectors that leverage "type confusion" for callback processing.
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:07

Type Values Removed Values Added
References () http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html - () http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html -
References () http://rhn.redhat.com/errata/RHSA-2014-1626.html - () http://rhn.redhat.com/errata/RHSA-2014-1626.html -
References () http://www.securityfocus.com/bid/70273 - () http://www.securityfocus.com/bid/70273 -
References () https://codereview.chromium.org/500143002/ - () https://codereview.chromium.org/500143002/ -
References () https://crbug.com/399655 - () https://crbug.com/399655 -

07 Nov 2023, 02:20

Type Values Removed Values Added
References (CONFIRM) http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html - Vendor Advisory () http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html -
References (BID) http://www.securityfocus.com/bid/70273 - () http://www.securityfocus.com/bid/70273 -
References (CONFIRM) https://crbug.com/399655 - () https://crbug.com/399655 -
References (CONFIRM) https://codereview.chromium.org/500143002/ - Patch () https://codereview.chromium.org/500143002/ -
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2014-1626.html - Third Party Advisory () http://rhn.redhat.com/errata/RHSA-2014-1626.html -

Information

Published : 2014-10-08 10:55

Updated : 2024-11-21 02:07


NVD link : CVE-2014-3193

Mitre link : CVE-2014-3193

CVE.ORG link : CVE-2014-3193


JSON object : View

Products Affected

redhat

  • enterprise_linux_workstation_supplementary
  • enterprise_linux_server_supplementary_eus
  • enterprise_linux_server_supplementary
  • enterprise_linux_desktop_supplementary

google

  • chrome
CWE
CWE-416

Use After Free