Vulnerability Details : CVE-2014-1730
Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.
Products affected by CVE-2014-1730
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-1730
0.48%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 75 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-1730
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:C/I:N/A:N |
10.0
|
6.9
|
NIST |
CWE ids for CVE-2014-1730
-
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1730
-
http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html
openSUSE-SU-2014:0668-1: moderate: update for chromiumBroken Link
-
http://security.gentoo.org/glsa/glsa-201408-16.xml
Chromium: Multiple vulnerabilities (GLSA 201408-16) — Gentoo securityThird Party Advisory
-
https://code.google.com/p/chromium/issues/detail?id=354967
Inloggen - Google AccountsPermissions Required
-
https://code.google.com/p/v8/source/detail?r=20375
v8 - V8 JavaScript Engine - MonorailVendor Advisory
-
http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html
openSUSE-SU-2014:0669-1: moderate: update for chromiumBroken Link
-
http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
Chrome Releases: Stable Channel UpdateBroken Link;Release Notes;Vendor Advisory
-
https://code.google.com/p/v8/source/detail?r=20388
v8 - V8 JavaScript Engine - MonorailVendor Advisory
-
https://code.google.com/p/v8/source/detail?r=20595
v8 - V8 JavaScript Engine - MonorailVendor Advisory
-
http://www.debian.org/security/2014/dsa-2920
Debian -- Security Information -- DSA-2920-1 chromium-browserThird Party Advisory
-
https://code.google.com/p/v8/source/detail?r=20377
v8 - V8 JavaScript Engine - MonorailVendor Advisory
-
http://secunia.com/advisories/60372
Sign inBroken Link
-
https://code.google.com/p/v8/source/detail?r=20593
v8 - V8 JavaScript Engine - MonorailVendor Advisory
Jump to