CVE-2014-3201Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.2%
top 55.76%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedOct 10
Latest updateMay 17

Description

core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDgoogle/chrome38.0.2125.101

🔴Vulnerability Details

2
GHSA
GHSA-26m6-4q8m-5vcm: core/rendering/compositing/RenderLayerCompositor2022-05-17
OSV
CVE-2014-3201: core/rendering/compositing/RenderLayerCompositor2014-10-10