Vulnerability Details : CVE-2014-7899
Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string.
Vulnerability category: Input validation
Products affected by CVE-2014-7899
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-7899
- 0.62%: Probability of exploitation activity in the next 30 days
- ~ 79%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-7899
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2014-7899
- The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-7899
- http://www.securityfocus.com/bid/71160
  Google Chrome CVE-2014-7899 Unspecified Address Bar Spoofing Vulnerability
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98787
  Google Chrome address bar spoofing CVE-2014-7899 Vulnerability Report
- http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html
  Chrome Releases: Stable Channel Update (Vendor Advisory)
- https://code.google.com/p/chromium/issues/detail?id=389734
  389734 - Security: You can spoof any domain in the URL bar - chromium - Monorail
- http://www.securitytracker.com/id/1031241
  Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Obtain Information - SecurityTracker
- https://src.chromium.org/viewvc/chrome?revision=279232&view=revision
  [chrome] Revision 279232
- http://rhn.redhat.com/errata/RHSA-2014-1894.html
  RHSA-2014:1894 - Security Advisory - Red Hat Customer Portal