[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2014-3187Date: (C)2014-10-08   (M)2023-12-22


Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.8
Exploit Score: 8.6
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
http://googlechromereleases.blogspot.com/2014/10/chrome-for-ios-update.html
http://twitter.com/S9Labs/statuses/519576582742999043
https://code.google.com/p/chromium/issues/detail?id=413831
https://medium.com/section-9-lab/abusing-ios-url-handlers-on-messages-96979e8b12f5

CPE    53
cpe:/a:google:chrome:37.0.2062.4
cpe:/a:google:chrome:37.0.2062.3
cpe:/a:google:chrome:37.0.2062.2
cpe:/a:google:chrome:37.0.2062.1
...
CWE    1
CWE-79

© SecPod Technologies