Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-1716

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2014-1716
Last Modified 23 May 2014 12:06:59
Published 09 Apr 2014 06:56:51
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-1716

Summary

Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."

Vulnerable Systems

Application

  • Google Chrome 34.0.1847.115


References

CONFIRM - https://code.google.com/p/v8/source/detail?r=20138

CONFIRM - https://code.google.com/p/chromium/issues/detail?id=354123

CONFIRM - http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html

DEBIAN - DSA-2905

SUSE - openSUSE-SU-2014:0601

Related Patches

Google Chrome 34.0.1847.116 for Windows (Update) (All Languages) (See Notes)


Last Updated: 27 May 2016 11:05:20