Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-3188

Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h.

Published

2014-10-08T10:55:06.190

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 10.0 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: COMPLETE
  • Integrity Impact: COMPLETE
  • Availability Impact: COMPLETE
Exploitability Score

10.0

Impact Score

10.0

Weaknesses
  • Type: Primary
    CWE-94
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System google chrome_os ≤ 38.0.2125.77 Yes
Application google chrome ≤ 38.0.2125.7 Yes
Operating System redhat enterprise_linux_desktop_supplementary 6.0 Yes
Operating System redhat enterprise_linux_server_supplementary 6.0 Yes
Operating System redhat enterprise_linux_server_supplementary_eus 6.6.z Yes
Operating System redhat enterprise_linux_workstation_supplementary 6.0 Yes
References