CVE-2014-3172

Опубликовано: 27 авг. 2014

Источник: nvd

CVSS2: 6.4

EPSS Низкий

Описание

The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Версия до 37.0.2062.93 (включая)

cpe:2.3:a:google:chrome:37.0.2062.0:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.1:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.2:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.3:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.4:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.5:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.6:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.7:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.8:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.9:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.10:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.11:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.12:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.13:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.14:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.15:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.16:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.17:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.18:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.19:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.20:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.21:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.22:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.23:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.24:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.25:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.26:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.27:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.28:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.29:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.30:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.31:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.32:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.33:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.34:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.35:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.36:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.37:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.39:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.43:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.44:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.45:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.46:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.47:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.48:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.49:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.50:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.51:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.52:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.53:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.54:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.55:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.56:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.57:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.58:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.59:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.60:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.61:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.62:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.63:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.64:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.65:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.66:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.67:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.68:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.69:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.70:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.71:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.72:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.73:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.74:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.75:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.76:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.77:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.78:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.80:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.81:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.89:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.90:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.91:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:37.0.2062.92:*:*:*:*:*:*:*

EPSS

Процентиль: 64%

0.0048

Низкий

6.4 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

CVE-2014-3172

ubuntu

около 11 лет назад

CVE-2014-3172

debian

около 11 лет назад

The Debugger extension API in browser/extensions/api/debugger/debugger ...

GHSA-5x9g-x8x2-c437

github

больше 3 лет назад

BDU:2015-00236

fstec

около 11 лет назад

Уязвимость браузера Google Chrome, позволяющая удаленному злоумышленнику нарушить конфиденциальность и целостность защищаемой информации

EPSS

Процентиль: 64%

0.0048

Низкий

6.4 Medium

CVSS2

Дефекты

CWE-264