The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
07 Nov 2023, 02:20
Type | Values Removed | Values Added |
---|---|---|
References | () https://crbug.com/396544 - | |
References | () https://src.chromium.org/viewvc/blink?revision=179240&view=revision - | |
References | () http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html - | |
References | () http://www.securityfocus.com/bid/70273 - | |
References | () http://rhn.redhat.com/errata/RHSA-2014-1626.html - |
Information
Published : 2014-10-08 10:55
Updated : 2024-02-28 12:20
NVD link : CVE-2014-3197
Mitre link : CVE-2014-3197
CVE.ORG link : CVE-2014-3197
JSON object : View
Products Affected
- chrome
redhat
- enterprise_linux_server_supplementary_eus
- enterprise_linux_server_supplementary
- enterprise_linux_workstation_supplementary
- enterprise_linux_desktop_supplementary
CWE
CWE-264
Permissions, Privileges, and Access Controls