SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2014-1731

core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4

CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:

SECUNIA-58301

SECUNIA-60372

BID-67572

APPLE-SA-2014-05-21-1

APPLE-SA-2014-06-30-3

APPLE-SA-2014-06-30-4

DSA-2920

GLSA-201408-16

IAVM:2014-B-0049

http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html

http://support.apple.com/kb/HT6254

https://code.google.com/p/chromium/issues/detail?id=349903

https://src.chromium.org/viewvc/blink?revision=171216&view=revision

https://support.apple.com/kb/HT6537

openSUSE-SU-2014:0668

openSUSE-SU-2014:0669


30479



423868



248038



909



194772



282