CVE-2014-7905Improper Access Control in Google Chrome

CWE-284Improper Access Control5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
0.2%
top 56.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedNov 19
Latest updateMay 17

Description

Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended access restrictions via a crafted web site.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDgoogle/chrome39.0.2171.45

🔴Vulnerability Details

2
GHSA
GHSA-jwgh-94cg-cfg5: Google Chrome before 392022-05-17
OSV
CVE-2014-7905: Google Chrome before 392014-11-19

📋Vendor Advisories

1
Red Hat
chromium-browser: Flaw allowing navigation to intents that do not have the BROWSABLE category2014-11-18

💬Community

1
Bugzilla
CVE-2014-7905 chromium-browser: Flaw allowing navigation to intents that do not have the BROWSABLE category2014-11-19