Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2014-3197

Опубликовано: 07 окт. 2014
Источник: redhat
CVSS2: 4.3
EPSS Низкий

Описание

The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 6webkitgtkNot affected
Red Hat Enterprise Linux 7webkitgtk3Not affected
Supplementary for Red Hat Enterprise Linux 6chromium-browserFixedRHSA-2014:162614.10.2014

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1151422chromium: information leak in XSS Auditor fixed in Chrome 38.0.2125.101

EPSS

Процентиль: 54%
0.00309
Низкий

4.3 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2014-3197

ubuntu
больше 11 лет назад

The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site.

nvd логотип

CVE-2014-3197

nvd
больше 11 лет назад

The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site.

debian логотип

CVE-2014-3197

debian
больше 11 лет назад

The NavigationScheduler::schedulePageBlock function in core/loader/Nav ...

github логотип

GHSA-wmjx-mph9-7xgg

github
больше 3 лет назад

The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site.

EPSS

Процентиль: 54%
0.00309
Низкий

4.3 Medium

CVSS2