The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute.
References
| Link | Resource |
|---|---|
| https://src.chromium.org/viewvc/blink?revision=171373&view=revision | Vendor Advisory |
| https://code.google.com/p/chromium/issues/detail?id=360448 | Exploit |
| http://blog.guya.net/2014/04/07/to-listen-without-consent-abusing-the-html5-speech/ | Exploit |
| http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html | Vendor Advisory |
| http://www.securityfocus.com/bid/67582 | Third Party Advisory, VDB Entry |
| http://secunia.com/advisories/60372 | |
Configurations
Configuration 1
Information
Published : 2014-05-21 04:14
Updated : 2017-01-06 19:00
NVD link : CVE-2014-3803
Mitre link : CVE-2014-3803
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
- chrome