CVE-2014-3173Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
5.0MEDIUMNVD
OSV7.5
EPSS
2.2%
top 15.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedAug 27
Latest updateMay 17

Description

The WebGL implementation in Google Chrome before 37.0.2062.94 does not ensure that clear calls interact properly with the state of a draw buffer, which allows remote attackers to cause a denial of service (read of uninitialized memory) via a crafted CANVAS element, related to gpu/command_buffer/service/framebuffer_manager.cc and gpu/command_buffer/service/gles2_cmd_decoder.cc.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDgoogle/chrome37.0.2062.93+81

🔴Vulnerability Details

3
GHSA
GHSA-mjhq-xr9f-2qj2: The WebGL implementation in Google Chrome before 372022-05-17
OSV
oxide-qt vulnerabilities2014-09-02
OSV
CVE-2014-3173: The WebGL implementation in Google Chrome before 372014-08-26

📋Vendor Advisories

1
Ubuntu
Oxide vulnerabilities2014-09-02