7.5
CVE-2014-1733
- EPSS 1.67%
- Veröffentlicht 26.04.2014 10:55:05
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle chrome-cve-admin@google.com
- CVE-Watchlists
- Unerledigt
The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.67% | 0.74 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html
http://secunia.com/advisories/58301
http://www.debian.org/security/2014/dsa-2920
https://code.google.com/p/chromium/issues/detail?id=351103
https://src.chromium.org/viewvc/chrome?revision=260157&view=revision