CVE-2014-3172Google Chrome vulnerability

CWE-2643 documents3 sources
Severity
6.4MEDIUMNVD
EPSS
0.5%
top 34.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedAug 27
Latest updateMay 17

Description

The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL.

CVSS vector

AV:N/AC:L/C:P/I:P/A:NExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

NVDgoogle/chrome37.0.2062.93+81

🔴Vulnerability Details

2
GHSA
GHSA-5x9g-x8x2-c437: The Debugger extension API in browser/extensions/api/debugger/debugger_api2022-05-17
OSV
CVE-2014-3172: The Debugger extension API in browser/extensions/api/debugger/debugger_api2014-08-27