Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2014-1748
Last Modified 11 Dec 2014 10:00:59
Published 21 May 2014 07:14:09
Confidentiality Impact NONE
Integrity Impact PARTIAL
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-1748

Summary

The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame.

Vulnerable Systems

Application

  • Google Chrome 35.0.1916.0

  • Google Chrome 35.0.1916.1

  • Google Chrome 35.0.1916.10

  • Google Chrome 35.0.1916.101

  • Google Chrome 35.0.1916.103

  • Google Chrome 35.0.1916.104

  • Google Chrome 35.0.1916.105

  • Google Chrome 35.0.1916.106

  • Google Chrome 35.0.1916.107

  • Google Chrome 35.0.1916.108

  • Google Chrome 35.0.1916.109

  • Google Chrome 35.0.1916.11

  • Google Chrome 35.0.1916.110

  • Google Chrome 35.0.1916.111

  • Google Chrome 35.0.1916.112

  • Google Chrome 35.0.1916.113

  • Google Chrome 35.0.1916.13

  • Google Chrome 35.0.1916.14

  • Google Chrome 35.0.1916.15

  • Google Chrome 35.0.1916.17

  • Google Chrome 35.0.1916.18

  • Google Chrome 35.0.1916.19

  • Google Chrome 35.0.1916.2

  • Google Chrome 35.0.1916.20

  • Google Chrome 35.0.1916.21

  • Google Chrome 35.0.1916.22

  • Google Chrome 35.0.1916.23

  • Google Chrome 35.0.1916.27

  • Google Chrome 35.0.1916.3

  • Google Chrome 35.0.1916.31

  • Google Chrome 35.0.1916.32

  • Google Chrome 35.0.1916.33

  • Google Chrome 35.0.1916.34

  • Google Chrome 35.0.1916.35

  • Google Chrome 35.0.1916.36

  • Google Chrome 35.0.1916.37

  • Google Chrome 35.0.1916.38

  • Google Chrome 35.0.1916.39

  • Google Chrome 35.0.1916.4

  • Google Chrome 35.0.1916.40

  • Google Chrome 35.0.1916.41

  • Google Chrome 35.0.1916.42

  • Google Chrome 35.0.1916.43

  • Google Chrome 35.0.1916.44

  • Google Chrome 35.0.1916.45

  • Google Chrome 35.0.1916.46

  • Google Chrome 35.0.1916.47

  • Google Chrome 35.0.1916.48

  • Google Chrome 35.0.1916.49

  • Google Chrome 35.0.1916.5

  • Google Chrome 35.0.1916.51

  • Google Chrome 35.0.1916.52

  • Google Chrome 35.0.1916.54

  • Google Chrome 35.0.1916.56

  • Google Chrome 35.0.1916.57

  • Google Chrome 35.0.1916.59

  • Google Chrome 35.0.1916.6

  • Google Chrome 35.0.1916.61

  • Google Chrome 35.0.1916.68

  • Google Chrome 35.0.1916.69

  • Google Chrome 35.0.1916.7

  • Google Chrome 35.0.1916.71

  • Google Chrome 35.0.1916.72

  • Google Chrome 35.0.1916.74

  • Google Chrome 35.0.1916.77

  • Google Chrome 35.0.1916.8

  • Google Chrome 35.0.1916.80

  • Google Chrome 35.0.1916.82

  • Google Chrome 35.0.1916.84

  • Google Chrome 35.0.1916.85

  • Google Chrome 35.0.1916.86

  • Google Chrome 35.0.1916.88

  • Google Chrome 35.0.1916.9

  • Google Chrome 35.0.1916.90

  • Google Chrome 35.0.1916.92

  • Google Chrome 35.0.1916.93

  • Google Chrome 35.0.1916.95

  • Google Chrome 35.0.1916.96

  • Google Chrome 35.0.1916.98

  • Google Chrome 35.0.1916.99


References

CONFIRM - https://src.chromium.org/viewvc/blink?revision=170625&view=revision

CONFIRM - https://code.google.com/p/chromium/issues/detail?id=331168

CONFIRM - http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html

SECTRACK - 1030270

SECUNIA - 59155

SECUNIA - 58920

CONFIRM - http://support.apple.com/kb/HT6596

APPLE - APPLE-SA-2014-12-2-1

Related Patches

Google Chrome 35.0.1916.114 for Windows (Update) (All Languages) (See Notes)

Apple Safari 6.2.2 for Mac OS X (HT6597)

Apple Safari 7.1.2 for Mac OS X (HT6597)

Apple Safari 8.0.2 for Mac OS X (HT6597)


Last Updated: 27 May 2016 11:05:20