CVE-2014-3159Improper Input Validation in Google Chrome

CWE-20Improper Input Validation2 documents2 sources
Severity
6.4MEDIUMNVD
EPSS
0.2%
top 55.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedJul 20
Latest updateMay 17

Description

The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

NVDgoogle/chrome36.0.1985.106+99

🔴Vulnerability Details

1
GHSA
GHSA-rc58-5p9r-j263: The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android2022-05-17