CVE-2014-3160

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2014-3160
The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file.

6.8 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability : 8.6 / Impact : 6.4

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://googlechromereleases.blogspot.com/2014/07/stable-channel-update.html Vendor Advisory
https://code.google.com/p/chromium/issues/detail?id=380885
https://src.chromium.org/viewvc/blink?revision=176084&view=revision Patch
http://www.debian.org/security/2014/dsa-3039
http://www.securityfocus.com/bid/68677
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://secunia.com/advisories/60372
http://secunia.com/advisories/60061
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:google:chrome:36.0.1985.95:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.94:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.87:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.97:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.96:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.89:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.88:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.81:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.8:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.72:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.70:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.24:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.103:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.62:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.17:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.104:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.40:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.31:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.18:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.99:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.25:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.98:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.91:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.48:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.55:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.32:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.54:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.56:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.90:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.4:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.47:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.124:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.63:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.2:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.15:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.69:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.49:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.79:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.16:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.41:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.3:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.123:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.45:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.102:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.19:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.52:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.27:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.42:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.77:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.105:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.64:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.38:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.83:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.35:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.73:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.122:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.74:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.46:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.30:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.26:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.86:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.82:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.61:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.5:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.60:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.34:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.23:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.33:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.78:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.65:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.68:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.53:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.58:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.22:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.39:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.106:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.57:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.92:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.66:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.75:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.29:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.59:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.1:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.51:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.50:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.43:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.13:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.85:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.12:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.67:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.37:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.44:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.6:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.100:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.20:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.93:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.21:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.36:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.76:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.101:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.14:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.84:*:*:*:*:*:*:*
cpe:2.3:a:google:chrome:36.0.1985.28:*:*:*:*:*:*:*
Information

Published : 2014-07-20 04:12

Updated : 2017-01-06 18:59

NVD link : CVE-2014-3160

Mitre link : CVE-2014-3160

JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa
Products Affected

debian

  • debian_linux

google

  • chrome