CVE-2014-3176 — Code Injection in Google Chrome

CWE-94 — Code Injection8 documents4 sources

Severity

10.0CRITICALNVD

EPSS

23.4%

top 4.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedAug 27

Latest updateMay 17

Description

Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3177.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDgoogle/chrome37.0.2062.93+81

🔴Vulnerability Details

GHSA

GHSA-2c22-7f4c-fw6q: Google Chrome before 37↗2022-05-17

▶

GHSA

GHSA-h5p3-xphh-6569: Google Chrome before 37↗2022-05-17

▶

OSV

CVE-2014-3176: Google Chrome before 37↗2014-08-27

▶

OSV

CVE-2014-3177: Google Chrome before 37↗2014-08-27

▶

📄Research Papers

arXiv

SOK: On the Analysis of Web Browser Security↗2021-12-31

▶

arXiv

Rethinking Misalignment to Raise the Bar for Heap Pointer Corruption↗2018-08-08

▶