CVE-2014-7899

EPSS 0.56%
Veröffentlicht 19.11.2014 11:59:00
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle chrome-cve-admin@google.com
CVE-Watchlists
Login
Unerledigt
Login

Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Chrome Version <= 38.0.2125.7

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.56%	0.657

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html

http://rhn.redhat.com/errata/RHSA-2014-1894.html

http://secunia.com/advisories/60194

http://www.securityfocus.com/bid/71160

http://www.securitytracker.com/id/1031241

https://code.google.com/p/chromium/issues/detail?id=389734

https://exchange.xforce.ibmcloud.com/vulnerabilities/98787

https://src.chromium.org/viewvc/chrome?revision=279232&view=revision

https://nvd.nist.gov/vuln/detail/CVE-2014-7899

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2014-7899

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2014-7899

EUVD