CVE-2014-9646: Google Chrome vulnerability

CWE-264 | 3 documents | 3 sources
Severity
4.6 MEDIUM (NVD)
EPSS
0.0%
top 91.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 27
Latest update: May 17

Description

Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distribution.cc in the uninstall-survey feature in Google Chrome before 40.0.2214.91 allows local users to gain privileges via a Trojan horse program in the %SYSTEMDRIVE% directory, as demonstrated by program.exe, a different vulnerability than CVE-2015-1205.

CVSS vector

AV:L/AC:L/C:P/I:P/A:P
Exploitability: 3.9 | Impact: 6.4

Affected Packages: 1 package

NVD: google/chrome 40.0.2214.85

🔴Vulnerability Details

1
GHSA
GHSA-jq3p-55hr-jqv2: Unquoted Windows search path vulnerability in the GoogleChromeDistribution::DoPostUninstallOperations function in installer/util/google_chrome_distrib (2022-05-17)

💬Community

1
Bugzilla
CVE-2016-9646 ikiwiki: Commit metadata forgery (2017-01-02)