CVE-2014-7899

Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html
http://rhn.redhat.com/errata/RHSA-2014-1894.html
http://secunia.com/advisories/60194
http://www.securityfocus.com/bid/71160
http://www.securitytracker.com/id/1031241
https://code.google.com/p/chromium/issues/detail?id=389734
https://exchange.xforce.ibmcloud.com/vulnerabilities/98787
https://src.chromium.org/viewvc/chrome?revision=279232&view=revision
http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html
http://rhn.redhat.com/errata/RHSA-2014-1894.html
http://secunia.com/advisories/60194
http://www.securityfocus.com/bid/71160
http://www.securitytracker.com/id/1031241
https://code.google.com/p/chromium/issues/detail?id=389734
https://exchange.xforce.ibmcloud.com/vulnerabilities/98787
https://src.chromium.org/viewvc/chrome?revision=279232&view=revision

Configurations

Configuration 1 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

History

21 Nov 2024, 02:18

Type	Values Removed	Values Added
References	~~() http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html -~~	() http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html -
References	~~() http://rhn.redhat.com/errata/RHSA-2014-1894.html -~~	() http://rhn.redhat.com/errata/RHSA-2014-1894.html -
References	~~() http://secunia.com/advisories/60194 -~~	() http://secunia.com/advisories/60194 -
References	~~() http://www.securityfocus.com/bid/71160 -~~	() http://www.securityfocus.com/bid/71160 -
References	~~() http://www.securitytracker.com/id/1031241 -~~	() http://www.securitytracker.com/id/1031241 -
References	~~() https://code.google.com/p/chromium/issues/detail?id=389734 -~~	() https://code.google.com/p/chromium/issues/detail?id=389734 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/98787 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/98787 -
References	~~() https://src.chromium.org/viewvc/chrome?revision=279232&view=revision -~~	() https://src.chromium.org/viewvc/chrome?revision=279232&view=revision -

07 Nov 2023, 02:21

Type	Values Removed	Values Added
References	~~(REDHAT) http://rhn.redhat.com/errata/RHSA-2014-1894.html -~~	() http://rhn.redhat.com/errata/RHSA-2014-1894.html -
References	~~(CONFIRM) http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html - Vendor Advisory~~	() http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html -
References	~~(SECUNIA) http://secunia.com/advisories/60194 -~~	() http://secunia.com/advisories/60194 -
References	~~(BID) http://www.securityfocus.com/bid/71160 -~~	() http://www.securityfocus.com/bid/71160 -
References	~~(CONFIRM) https://src.chromium.org/viewvc/chrome?revision=279232&view=revision -~~	() https://src.chromium.org/viewvc/chrome?revision=279232&view=revision -
References	~~(SECTRACK) http://www.securitytracker.com/id/1031241 -~~	() http://www.securitytracker.com/id/1031241 -
References	~~(XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/98787 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/98787 -
References	~~(CONFIRM) https://code.google.com/p/chromium/issues/detail?id=389734 -~~	() https://code.google.com/p/chromium/issues/detail?id=389734 -

Information

Published : 2014-11-19 11:59

Updated : 2024-11-21 02:18

NVD link : CVE-2014-7899

Mitre link : CVE-2014-7899

CVE.ORG link : CVE-2014-7899

JSON object : View

Products Affected

google

chrome

CWE

CWE-20

Improper Input Validation

5.0 /10