4.3

CVE-2014-3166

The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome Version < 36.0.1985.143
   ApplemacOS X Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
GoogleChrome Version < 36.0.1985.135
   GoogleAndroid Version-
DebianDebian Linux Version7.0
DebianDebian Linux Version8.0
GoogleChrome Version < 36.0.1985.57
   AppleiPhone OS Version-
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.48% 0.706
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://www.debian.org/security/2014/dsa-3039
http://secunia.com/advisories/59904
http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html
http://secunia.com/advisories/60798
http://www.securitytracker.com/id/1030732
http://googlechromereleases.blogspot.com/2014/08/chrome-for-android-update.html
http://googlechromereleases.blogspot.com/2014/08/chrome-for-ios-update.html
http://secunia.com/advisories/59693
http://secunia.com/advisories/60685
http://www.ietf.org/mail-archive/web/tls/current/msg13345.html
http://www.securityfocus.com/bid/69202
https://code.google.com/p/chromium/issues/detail?id=398925
https://src.chromium.org/viewvc/chrome?revision=286598&view=revision
https://src.chromium.org/viewvc/chrome?revision=288435&view=revision