Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-9689

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2014-9689
Last Modified 09 Mar 2015 01:51:13
Published 08 Mar 2015 08:59:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2014-9689

Summary

content/renderer/device_sensors/device_orientation_event_pump.cc in Google Chrome before 41.0.2272.76 does not properly restrict access to high-rate gyroscope data, which makes it easier for remote attackers to obtain speech signals from a device's physical environment via a crafted web site that listens for ondeviceorientation events, a different vulnerability than CVE-2015-1231.

Vulnerable Systems

Application

  • Google Chrome 40.0.2214.115


References

MISC - https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/michalevsky

MISC - https://crypto.stanford.edu/gyrophone/files/gyromic.pdf

CONFIRM - https://code.google.com/p/chromium/issues/detail?id=463349

CONFIRM - https://code.google.com/p/chromium/issues/detail?id=421691

CONFIRM - http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html


Last Updated: 27 May 2016 11:08:00