CVE-2014-1716 — Code Injection in Google Chrome

CWE-94 — Code Injection CWE-79 — Cross-site Scripting5 documents5 sources

Severity

7.5HIGHNVD

EPSS

1.1%

top 22.26%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Debian Linux Opensuse

Timeline

PublishedApr 9

Latest updateMay 14

Description

Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDgoogle/chrome34.0.1847.115

▶NVDopensuse/opensuse12.3, 13.1+1

Also affects: Debian Linux 7.0, 8.0

🔴Vulnerability Details

GHSA

GHSA-r863-653f-pw4g: Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime↗2022-05-14

▶

OSV

CVE-2014-1716: Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime↗2014-04-09

▶

📋Vendor Advisories

Red Hat

v8: cross-site scripting flaw in Runtime_SetPrototype()↗2014-03-20

▶

💬Community

Bugzilla

CVE-2014-1716 v8: cross-site scripting flaw in Runtime_SetPrototype()↗2014-04-10

▶