Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-1730

Overview

Vulnerability Score 7.8 7.8
CVE Id CVE-2014-1730
Last Modified 23 May 2014 12:07:01
Published 26 Apr 2014 06:55:05
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-1730

Summary

Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.

Vulnerable Systems

Application

  • Google Chrome 34.0.1847.130

  • Google Chrome 34.0.1847.131


References

CONFIRM - https://code.google.com/p/v8/source/detail?r=20595

CONFIRM - https://code.google.com/p/v8/source/detail?r=20593

CONFIRM - https://code.google.com/p/v8/source/detail?r=20388

CONFIRM - https://code.google.com/p/v8/source/detail?r=20377

CONFIRM - https://code.google.com/p/v8/source/detail?r=20375

CONFIRM - https://code.google.com/p/chromium/issues/detail?id=354967

CONFIRM - http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html

SECUNIA - 58301

DEBIAN - DSA-2920

SUSE - openSUSE-SU-2014:0669

SUSE - openSUSE-SU-2014:0668

Related Patches

Google Chrome 34.0.1847.131 for Windows (Update) (All Languages) (See Notes)


Last Updated: 27 May 2016 11:05:21