CVE-2014-3160: Google Chrome vulnerability

CWE-264 | 5 documents | 4 sources
Severity: 6.8 MEDIUM (NVD), 7.8 (OSV)
EPSS: 0.6% (top 31.30%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jul 20; latest update May 17

Description

The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (1 package)

NVD: google/chrome (103 versions)

Also affects: Debian Linux 7.0, 8.0

🔴 Vulnerability Details (3)

GHSA: GHSA-rxrq-c9jp-32rm: The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher (2022-05-17)
OSV: oxide-qt vulnerabilities (2014-07-23)
OSV: CVE-2014-3160: The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher (2014-07-20)

📋 Vendor Advisories (1)

Ubuntu: Oxide vulnerabilities (2014-07-23)