Vulnerability CVE-2014-3188


Published: 2014-10-08

Description:
Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h.

CVSS2 => (AV:N/AC:L/Au:N/C:C/I:C/A:C)

CVSS Base Score
Impact Subscore
Exploitability Subscore
10/10
10/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Complete
Complete
Complete
Affected software
Redhat -> Enterprise linux desktop supplementary 
Redhat -> Enterprise linux server supplementary 
Redhat -> Enterprise linux server supplementary eus 
Redhat -> Enterprise linux workstation supplementary 
Google -> Chrome 
Google -> Chrome os 

 References:
http://googlechromereleases.blogspot.com/2014/10/stable-channel-update-for-chrome-os.html
http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html
http://rhn.redhat.com/errata/RHSA-2014-1626.html
https://code.google.com/p/v8/source/detail?r=24125
https://crbug.com/416449

Copyright 2024, cxsecurity.com

 

Back to Top