CVE-2014-3187

EPSS 0.61%
Veröffentlicht 08.10.2014 10:55:05
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle chrome-cve-admin@google.com
CVE-Watchlists
Login
Unerledigt
Login

Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 7

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Chrome Version <= 37.0.2062.59

Google ≫ Chrome Version37.0.2062.0

Google ≫ Chrome Version37.0.2062.1

Google ≫ Chrome Version37.0.2062.2

Google ≫ Chrome Version37.0.2062.3

Google ≫ Chrome Version37.0.2062.4

Google ≫ Chrome Version37.0.2062.5

Google ≫ Chrome Version37.0.2062.6

Google ≫ Chrome Version37.0.2062.10

Google ≫ Chrome Version37.0.2062.11

Google ≫ Chrome Version37.0.2062.12

Google ≫ Chrome Version37.0.2062.13

Google ≫ Chrome Version37.0.2062.14

Google ≫ Chrome Version37.0.2062.15

Google ≫ Chrome Version37.0.2062.16

Google ≫ Chrome Version37.0.2062.17

Google ≫ Chrome Version37.0.2062.18

Google ≫ Chrome Version37.0.2062.19

Google ≫ Chrome Version37.0.2062.20

Google ≫ Chrome Version37.0.2062.21

Google ≫ Chrome Version37.0.2062.22

Google ≫ Chrome Version37.0.2062.23

Google ≫ Chrome Version37.0.2062.24

Google ≫ Chrome Version37.0.2062.25

Google ≫ Chrome Version37.0.2062.26

Google ≫ Chrome Version37.0.2062.27

Google ≫ Chrome Version37.0.2062.28

Google ≫ Chrome Version37.0.2062.29

Google ≫ Chrome Version37.0.2062.30

Google ≫ Chrome Version37.0.2062.31

Google ≫ Chrome Version37.0.2062.32

Google ≫ Chrome Version37.0.2062.33

Google ≫ Chrome Version37.0.2062.34

Google ≫ Chrome Version37.0.2062.35

Google ≫ Chrome Version37.0.2062.36

Google ≫ Chrome Version37.0.2062.37

Google ≫ Chrome Version37.0.2062.39

Google ≫ Chrome Version37.0.2062.43

Google ≫ Chrome Version37.0.2062.44

Google ≫ Chrome Version37.0.2062.45

Google ≫ Chrome Version37.0.2062.46

Google ≫ Chrome Version37.0.2062.47

Google ≫ Chrome Version37.0.2062.48

Google ≫ Chrome Version37.0.2062.49

Google ≫ Chrome Version37.0.2062.50

Google ≫ Chrome Version37.0.2062.51

Google ≫ Chrome Version37.0.2062.52

Google ≫ Chrome Version37.0.2062.53

Google ≫ Chrome Version37.0.2062.54

Google ≫ Chrome Version37.0.2062.55

Google ≫ Chrome Version37.0.2062.56

Google ≫ Chrome Version37.0.2062.57

Google ≫ Chrome Version37.0.2062.58

Google ≫ Chrome Version38.0.2125.7

Apple ≫ iPhone OS Version-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.61%	0.671

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

http://googlechromereleases.blogspot.com/2014/10/chrome-for-ios-update.html

http://twitter.com/S9Labs/statuses/519576582742999043

https://code.google.com/p/chromium/issues/detail?id=413831

https://medium.com/section-9-lab/abusing-ios-url-handlers-on-messages-96979e8b12f5

https://nvd.nist.gov/vuln/detail/CVE-2014-3187

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-3187

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-3187

EUVD