CVE-2014-3197 — Sensitive Information Exposure in Google Chrome

CWE-264 CWE-200 — Sensitive Information Exposure7 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

0.3%

top 45.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Redhat Enterprise Linux Desktop Supplementary Redhat Enterprise Linux Server Supplementary +2 more

Timeline

PublishedOct 8

Latest updateMay 17

Description

The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶NVDgoogle/chrome38.0.2125.7

▶NVDredhat/enterprise_linux_desktop_supplementary6.0

▶NVDredhat/enterprise_linux_workstation_supplementary6.0

Also affects: Enterprise Linux 6.0, 6.6.z

🔴Vulnerability Details

GHSA

GHSA-wmjx-mph9-7xgg: The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler↗2022-05-17

▶

OSV

CVE-2014-3197: The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler↗2014-10-08

▶

CVEList

CVE-2014-3197: The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler↗2014-10-08

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2014-10-14

▶

Red Hat

chromium: information leak in XSS Auditor fixed in Chrome 38.0.2125.101↗2014-10-07

▶

💬Community

Bugzilla

CVE-2014-3197 chromium: information leak in XSS Auditor fixed in Chrome 38.0.2125.101↗2014-10-10

▶