CVE-2014-7899Improper Input Validation in Google Chrome

CWE-20Improper Input ValidationCWE-451User Interface (UI) Misrepresentation of Critical Information5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
0.6%
top 31.63%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedNov 19
Latest updateMay 17

Description

Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDgoogle/chrome38.0.2125.7

🔴Vulnerability Details

2
GHSA
GHSA-j433-h6rv-q7xm: Google Chrome before 382022-05-17
OSV
CVE-2014-7899: Google Chrome before 382014-11-19

📋Vendor Advisories

1
Red Hat
chromium-browser: Address bar spoofing2014-11-18

💬Community

1
Bugzilla
CVE-2014-7899 chromium-browser: Address bar spoofing2014-11-19