CVE-2014-3172

The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://src.chromium.org/viewvc/chrome?revision=280354&view=revision	Patch
https://crbug.com/367567
http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html	Vendor Advisory
http://www.securitytracker.com/id/1030767
http://www.debian.org/security/2014/dsa-3039
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html
http://www.securityfocus.com/bid/69401
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://secunia.com/advisories/61482
http://secunia.com/advisories/60268
https://exchange.xforce.ibmcloud.com/vulnerabilities/95472

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:google:chrome:37.0.2062.11:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.12:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.19:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.2:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.27:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.28:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.34:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.35:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.45:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.46:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.53:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.49:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.60:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.31:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.76:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.16:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.69:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.4:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.77:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.5:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.0:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.23:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.54:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.22:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.61:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.30:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.68:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.50:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.15:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.90:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.39:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.24:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.91:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.44:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.51:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.48:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.78:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.14:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.25:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.36:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.59:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.81:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.73:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.3:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.33:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.29:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.10:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.17:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.58:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.64:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.8:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.7:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.57:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.62:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.70:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.20:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.63:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.52:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.26:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.72:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.92:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.56:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.43:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.6:::::::*
cpe:2.3:a:google:chrome:37.0.2062.37:::::::*
cpe:2.3:a:google:chrome:37.0.2062.71:::::::*
cpe:2.3:a:google:chrome:37.0.2062.18:::::::*
cpe:2.3:a:google:chrome:37.0.2062.32:::::::*
cpe:2.3:a:google:chrome::::::::
cpe:2.3:a:google:chrome:37.0.2062.80:::::::*
cpe:2.3:a:google:chrome:37.0.2062.47:::::::*
cpe:2.3:a:google:chrome:37.0.2062.55:::::::*
cpe:2.3:a:google:chrome:37.0.2062.66:::::::*
cpe:2.3:a:google:chrome:37.0.2062.13:::::::*
cpe:2.3:a:google:chrome:37.0.2062.21:::::::*
cpe:2.3:a:google:chrome:37.0.2062.65:::::::*
cpe:2.3:a:google:chrome:37.0.2062.1:::::::*
cpe:2.3:a:google:chrome:37.0.2062.67:::::::*
cpe:2.3:a:google:chrome:37.0.2062.9:::::::*
cpe:2.3:a:google:chrome:37.0.2062.75:::::::*
cpe:2.3:a:google:chrome:37.0.2062.89:::::::*
cpe:2.3:a:google:chrome:37.0.2062.74:::::::*

Information

Published : 2014-08-26 18:55

Updated : 2017-08-28 18:34

NVD link : CVE-2014-3172

Mitre link : CVE-2014-3172

JSON object : View

CWE

CWE-264

Permissions, Privileges, and Access Controls

Products Affected

google

chrome

6.4 /10