CVE-2014-1730

Sažetak

Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.

Reference

http://secunia.com/advisories/58301
http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
https://code.google.com/p/v8/source/detail?r=20388
http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html
https://code.google.com/p/v8/source/detail?r=20593
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://secunia.com/advisories/60372
http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html
http://www.debian.org/security/2014/dsa-2920
https://code.google.com/p/v8/source/detail?r=20375
https://code.google.com/p/v8/source/detail?r=20595
https://code.google.com/p/chromium/issues/detail?id=354967
https://code.google.com/p/v8/source/detail?r=20377

CVSS

Base:	7.8
Impact:	6.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
COMPLETE	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:C/I:N/A:N

Zadnje važnije ažuriranje

07-11-2023 - 02:19

Objavljeno

26-04-2014 - 10:55