Vulnerability Details : CVE-2014-1733
The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access.
Vulnerability category: Input validation
Products affected by CVE-2014-1733
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-1733
1.21%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 84 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-1733
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2014-1733
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1733
-
http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html
openSUSE-SU-2014:0668-1: moderate: update for chromiumBroken Link
-
http://security.gentoo.org/glsa/glsa-201408-16.xml
Chromium: Multiple vulnerabilities (GLSA 201408-16) — Gentoo securityThird Party Advisory
-
https://code.google.com/p/chromium/issues/detail?id=351103
Exploit;Issue Tracking;Mailing List;Vendor Advisory
-
http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html
openSUSE-SU-2014:0669-1: moderate: update for chromiumBroken Link
-
http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
Chrome Releases: Stable Channel UpdateBroken Link;Release Notes;Vendor Advisory
-
http://www.debian.org/security/2014/dsa-2920
Debian -- Security Information -- DSA-2920-1 chromium-browserThird Party Advisory
-
https://src.chromium.org/viewvc/chrome?revision=260157&view=revision
[chrome] Revision 260157Mailing List;Vendor Advisory
Jump to