CVE

CVE-2014-3160
Date: (C)2014-08-15   (M)2023-12-22


The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
SECUNIA-60061
SECUNIA-60372
BID-68677
DSA-3039
GLSA-201408-16
IAVM:2014-B-0100
http://googlechromereleases.blogspot.com/2014/07/stable-channel-update.html
https://code.google.com/p/chromium/issues/detail?id=380885
https://src.chromium.org/viewvc/blink?revision=176084&view=revision

CPE    2
cpe:/o:debian:debian_linux:8.0
cpe:/o:debian:debian_linux:7.0
CWE    1
CWE-264
OVAL    11
oval:org.secpod.oval:def:20588
oval:org.secpod.oval:def:20587
oval:org.secpod.oval:def:20584
oval:org.secpod.oval:def:20582
...

© SecPod Technologies