Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-1747

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-1747
Last Modified 18 Jun 2014 12:31:03
Published 21 May 2014 07:14:09
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-1747

Summary

Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Universal XSS (UXSS)."

Vulnerable Systems

Application

  • Google Chrome 35.0.1916.0

  • Google Chrome 35.0.1916.1

  • Google Chrome 35.0.1916.10

  • Google Chrome 35.0.1916.101

  • Google Chrome 35.0.1916.103

  • Google Chrome 35.0.1916.104

  • Google Chrome 35.0.1916.105

  • Google Chrome 35.0.1916.106

  • Google Chrome 35.0.1916.107

  • Google Chrome 35.0.1916.108

  • Google Chrome 35.0.1916.109

  • Google Chrome 35.0.1916.11

  • Google Chrome 35.0.1916.110

  • Google Chrome 35.0.1916.111

  • Google Chrome 35.0.1916.112

  • Google Chrome 35.0.1916.113

  • Google Chrome 35.0.1916.13

  • Google Chrome 35.0.1916.14

  • Google Chrome 35.0.1916.15

  • Google Chrome 35.0.1916.17

  • Google Chrome 35.0.1916.18

  • Google Chrome 35.0.1916.19

  • Google Chrome 35.0.1916.2

  • Google Chrome 35.0.1916.20

  • Google Chrome 35.0.1916.21

  • Google Chrome 35.0.1916.22

  • Google Chrome 35.0.1916.23

  • Google Chrome 35.0.1916.27

  • Google Chrome 35.0.1916.3

  • Google Chrome 35.0.1916.31

  • Google Chrome 35.0.1916.32

  • Google Chrome 35.0.1916.33

  • Google Chrome 35.0.1916.34

  • Google Chrome 35.0.1916.35

  • Google Chrome 35.0.1916.36

  • Google Chrome 35.0.1916.37

  • Google Chrome 35.0.1916.38

  • Google Chrome 35.0.1916.39

  • Google Chrome 35.0.1916.4

  • Google Chrome 35.0.1916.40

  • Google Chrome 35.0.1916.41

  • Google Chrome 35.0.1916.42

  • Google Chrome 35.0.1916.43

  • Google Chrome 35.0.1916.44

  • Google Chrome 35.0.1916.45

  • Google Chrome 35.0.1916.46

  • Google Chrome 35.0.1916.47

  • Google Chrome 35.0.1916.48

  • Google Chrome 35.0.1916.49

  • Google Chrome 35.0.1916.5

  • Google Chrome 35.0.1916.51

  • Google Chrome 35.0.1916.52

  • Google Chrome 35.0.1916.54

  • Google Chrome 35.0.1916.56

  • Google Chrome 35.0.1916.57

  • Google Chrome 35.0.1916.59

  • Google Chrome 35.0.1916.6

  • Google Chrome 35.0.1916.61

  • Google Chrome 35.0.1916.68

  • Google Chrome 35.0.1916.69

  • Google Chrome 35.0.1916.7

  • Google Chrome 35.0.1916.71

  • Google Chrome 35.0.1916.72

  • Google Chrome 35.0.1916.74

  • Google Chrome 35.0.1916.77

  • Google Chrome 35.0.1916.8

  • Google Chrome 35.0.1916.80

  • Google Chrome 35.0.1916.82

  • Google Chrome 35.0.1916.84

  • Google Chrome 35.0.1916.85

  • Google Chrome 35.0.1916.86

  • Google Chrome 35.0.1916.88

  • Google Chrome 35.0.1916.9

  • Google Chrome 35.0.1916.90

  • Google Chrome 35.0.1916.92

  • Google Chrome 35.0.1916.93

  • Google Chrome 35.0.1916.95

  • Google Chrome 35.0.1916.96

  • Google Chrome 35.0.1916.98

  • Google Chrome 35.0.1916.99


References

CONFIRM - https://src.chromium.org/viewvc/blink?revision=169499&view=revision

CONFIRM - https://code.google.com/p/chromium/issues/detail?id=330663

CONFIRM - http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html

SECTRACK - 1030270

SECUNIA - 59155

SECUNIA - 58920

Related Patches

Google Chrome 35.0.1916.114 for Windows (Update) (All Languages) (See Notes)


Last Updated: 27 May 2016 11:05:20