CVE-2014-3803

Опубликовано: 21 мая 2014

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute.

Ссылки

http://blog.guya.net/2014/04/07/to-listen-without-consent-abusing-the-html5-speech/
Exploit
http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html
Vendor Advisory
http://secunia.com/advisories/60372
http://www.securityfocus.com/bid/67582
Third Party Advisory
VDB Entry
https://code.google.com/p/chromium/issues/detail?id=360448
Exploit
https://src.chromium.org/viewvc/blink?revision=171373&view=revision
Vendor Advisory
http://blog.guya.net/2014/04/07/to-listen-without-consent-abusing-the-html5-speech/
Exploit
http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html
Vendor Advisory
http://secunia.com/advisories/60372
http://www.securityfocus.com/bid/67582
Third Party Advisory
VDB Entry
https://code.google.com/p/chromium/issues/detail?id=360448
Exploit
https://src.chromium.org/viewvc/blink?revision=171373&view=revision
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Версия до 35.0.1916.113 (включая)

cpe:2.3:a:google:chrome:35.0.1916.0:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.1:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.2:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.3:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.4:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.5:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.6:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.7:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.8:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.9:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.10:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.11:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.13:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.14:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.15:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.17:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.18:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.19:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.20:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.21:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.22:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.23:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.27:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.31:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.32:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.33:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.34:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.35:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.36:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.37:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.38:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.39:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.40:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.41:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.42:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.43:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.44:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.45:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.46:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.47:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.48:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.49:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.51:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.52:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.54:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.56:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.57:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.59:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.61:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.68:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.69:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.71:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.72:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.74:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.77:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.80:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.82:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.84:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.85:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.86:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.88:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.90:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.92:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.93:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.95:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.96:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.98:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.99:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.101:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.103:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.104:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.105:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.106:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.107:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.108:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.109:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.110:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.111:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:35.0.1916.112:*:*:*:*:*:*:*

EPSS

Процентиль: 71%

0.00682

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2014-3803

ubuntu

больше 11 лет назад

CVE-2014-3803

debian

больше 11 лет назад

The SpeechInput feature in Blink, as used in Google Chrome before 35.0 ...

GHSA-cq3j-mhjm-j845

github

больше 3 лет назад

EPSS

Процентиль: 71%

0.00682

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-200