CVE-2014-3170Google Chrome vulnerability

CWE-2643 documents3 sources
Severity
6.4MEDIUMNVD
EPSS
0.7%
top 28.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedAug 27
Latest updateMay 17

Description

extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

NVDgoogle/chrome37.0.2062.93+81

🔴Vulnerability Details

2
GHSA
GHSA-r235-v62q-qm9r: extensions/common/url_pattern2022-05-17
OSV
CVE-2014-3170: extensions/common/url_pattern2014-08-27