The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute.
References
Link | Resource |
---|---|
http://blog.guya.net/2014/04/07/to-listen-without-consent-abusing-the-html5-speech/ | Exploit |
http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html | Vendor Advisory |
http://secunia.com/advisories/60372 | |
http://www.securityfocus.com/bid/67582 | Third Party Advisory VDB Entry |
https://code.google.com/p/chromium/issues/detail?id=360448 | Exploit |
https://src.chromium.org/viewvc/blink?revision=171373&view=revision | Vendor Advisory |
http://blog.guya.net/2014/04/07/to-listen-without-consent-abusing-the-html5-speech/ | Exploit |
http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html | Vendor Advisory |
http://secunia.com/advisories/60372 | |
http://www.securityfocus.com/bid/67582 | Third Party Advisory VDB Entry |
https://code.google.com/p/chromium/issues/detail?id=360448 | Exploit |
https://src.chromium.org/viewvc/blink?revision=171373&view=revision | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 02:08
Type | Values Removed | Values Added |
---|---|---|
References | () http://blog.guya.net/2014/04/07/to-listen-without-consent-abusing-the-html5-speech/ - Exploit | |
References | () http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html - Vendor Advisory | |
References | () http://secunia.com/advisories/60372 - | |
References | () http://www.securityfocus.com/bid/67582 - Third Party Advisory, VDB Entry | |
References | () https://code.google.com/p/chromium/issues/detail?id=360448 - Exploit | |
References | () https://src.chromium.org/viewvc/blink?revision=171373&view=revision - Vendor Advisory |
Information
Published : 2014-05-21 11:14
Updated : 2024-11-21 02:08
NVD link : CVE-2014-3803
Mitre link : CVE-2014-3803
CVE.ORG link : CVE-2014-3803
JSON object : View
Products Affected
- chrome
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor