Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2014-3197

The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site.

Published

2014-10-08T10:55:06.690

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-264
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application google chrome ≤ 38.0.2125.7 Yes
Operating System redhat enterprise_linux_desktop_supplementary 6.0 Yes
Operating System redhat enterprise_linux_server_supplementary 6.0 Yes
Operating System redhat enterprise_linux_server_supplementary_eus 6.6.z Yes
Operating System redhat enterprise_linux_workstation_supplementary 6.0 Yes
References