CVE-2014-3160

EPSS 0.57%
Published 20.07.2014 11:12:50
Last modified 12.04.2025 10:46:40
Source chrome-cve-admin@google.com
Teams watchlist Login
Open Login

The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file.

Affected products Warnungen 0 Metrics 2 CWE 0 References 11

Data is provided by the National Vulnerability Database (NVD)

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version8.0

Google ≫ Chrome Version36.0.1985.1

Google ≫ Chrome Version36.0.1985.2

Google ≫ Chrome Version36.0.1985.3

Google ≫ Chrome Version36.0.1985.4

Google ≫ Chrome Version36.0.1985.5

Google ≫ Chrome Version36.0.1985.6

Google ≫ Chrome Version36.0.1985.8

Google ≫ Chrome Version36.0.1985.12

Google ≫ Chrome Version36.0.1985.13

Google ≫ Chrome Version36.0.1985.14

Google ≫ Chrome Version36.0.1985.15

Google ≫ Chrome Version36.0.1985.16

Google ≫ Chrome Version36.0.1985.17

Google ≫ Chrome Version36.0.1985.18

Google ≫ Chrome Version36.0.1985.19

Google ≫ Chrome Version36.0.1985.20

Google ≫ Chrome Version36.0.1985.21

Google ≫ Chrome Version36.0.1985.22

Google ≫ Chrome Version36.0.1985.23

Google ≫ Chrome Version36.0.1985.24

Google ≫ Chrome Version36.0.1985.25

Google ≫ Chrome Version36.0.1985.26

Google ≫ Chrome Version36.0.1985.27

Google ≫ Chrome Version36.0.1985.28

Google ≫ Chrome Version36.0.1985.29

Google ≫ Chrome Version36.0.1985.30

Google ≫ Chrome Version36.0.1985.31

Google ≫ Chrome Version36.0.1985.32

Google ≫ Chrome Version36.0.1985.33

Google ≫ Chrome Version36.0.1985.34

Google ≫ Chrome Version36.0.1985.35

Google ≫ Chrome Version36.0.1985.36

Google ≫ Chrome Version36.0.1985.37

Google ≫ Chrome Version36.0.1985.38

Google ≫ Chrome Version36.0.1985.39

Google ≫ Chrome Version36.0.1985.40

Google ≫ Chrome Version36.0.1985.41

Google ≫ Chrome Version36.0.1985.42

Google ≫ Chrome Version36.0.1985.43

Google ≫ Chrome Version36.0.1985.44

Google ≫ Chrome Version36.0.1985.45

Google ≫ Chrome Version36.0.1985.46

Google ≫ Chrome Version36.0.1985.47

Google ≫ Chrome Version36.0.1985.48

Google ≫ Chrome Version36.0.1985.49

Google ≫ Chrome Version36.0.1985.50

Google ≫ Chrome Version36.0.1985.51

Google ≫ Chrome Version36.0.1985.52

Google ≫ Chrome Version36.0.1985.53

Google ≫ Chrome Version36.0.1985.54

Google ≫ Chrome Version36.0.1985.55

Google ≫ Chrome Version36.0.1985.56

Google ≫ Chrome Version36.0.1985.57

Google ≫ Chrome Version36.0.1985.58

Google ≫ Chrome Version36.0.1985.59

Google ≫ Chrome Version36.0.1985.60

Google ≫ Chrome Version36.0.1985.61

Google ≫ Chrome Version36.0.1985.62

Google ≫ Chrome Version36.0.1985.63

Google ≫ Chrome Version36.0.1985.64

Google ≫ Chrome Version36.0.1985.65

Google ≫ Chrome Version36.0.1985.66

Google ≫ Chrome Version36.0.1985.67

Google ≫ Chrome Version36.0.1985.68

Google ≫ Chrome Version36.0.1985.69

Google ≫ Chrome Version36.0.1985.70

Google ≫ Chrome Version36.0.1985.72

Google ≫ Chrome Version36.0.1985.73

Google ≫ Chrome Version36.0.1985.74

Google ≫ Chrome Version36.0.1985.75

Google ≫ Chrome Version36.0.1985.76

Google ≫ Chrome Version36.0.1985.77

Google ≫ Chrome Version36.0.1985.78

Google ≫ Chrome Version36.0.1985.79

Google ≫ Chrome Version36.0.1985.81

Google ≫ Chrome Version36.0.1985.82

Google ≫ Chrome Version36.0.1985.83

Google ≫ Chrome Version36.0.1985.84

Google ≫ Chrome Version36.0.1985.85

Google ≫ Chrome Version36.0.1985.86

Google ≫ Chrome Version36.0.1985.87

Google ≫ Chrome Version36.0.1985.88

Google ≫ Chrome Version36.0.1985.89

Google ≫ Chrome Version36.0.1985.90

Google ≫ Chrome Version36.0.1985.91

Google ≫ Chrome Version36.0.1985.92

Google ≫ Chrome Version36.0.1985.93

Google ≫ Chrome Version36.0.1985.94

Google ≫ Chrome Version36.0.1985.95

Google ≫ Chrome Version36.0.1985.96

Google ≫ Chrome Version36.0.1985.97

Google ≫ Chrome Version36.0.1985.98

Google ≫ Chrome Version36.0.1985.99

Google ≫ Chrome Version36.0.1985.100

Google ≫ Chrome Version36.0.1985.101

Google ≫ Chrome Version36.0.1985.102

Google ≫ Chrome Version36.0.1985.103

Google ≫ Chrome Version36.0.1985.104

Google ≫ Chrome Version36.0.1985.105

Google ≫ Chrome Version36.0.1985.106

Google ≫ Chrome Version36.0.1985.122

Google ≫ Chrome Version36.0.1985.123

Google ≫ Chrome Version36.0.1985.124

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.57%	0.66

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

http://security.gentoo.org/glsa/glsa-201408-16.xml

http://secunia.com/advisories/60372

http://secunia.com/advisories/60061

http://googlechromereleases.blogspot.com/2014/07/stable-channel-update.html

http://www.debian.org/security/2014/dsa-3039

http://www.securityfocus.com/bid/68677

https://code.google.com/p/chromium/issues/detail?id=380885

https://src.chromium.org/viewvc/blink?revision=176084&view=revision

https://nvd.nist.gov/vuln/detail/CVE-2014-3160

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-3160

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-3160

EUVD