CVE-2014-1748

The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame.

Affected Software

Name	Vendor	Start Version	End Version
Chrome	Google	35.0.1916.0	35.0.1916.0
Chrome	Google	35.0.1916.1	35.0.1916.1
Chrome	Google	35.0.1916.2	35.0.1916.2
Chrome	Google	35.0.1916.3	35.0.1916.3
Chrome	Google	35.0.1916.4	35.0.1916.4
Chrome	Google	35.0.1916.5	35.0.1916.5
Chrome	Google	35.0.1916.6	35.0.1916.6
Chrome	Google	35.0.1916.7	35.0.1916.7
Chrome	Google	35.0.1916.8	35.0.1916.8
Chrome	Google	35.0.1916.9	35.0.1916.9
Chrome	Google	35.0.1916.10	35.0.1916.10
Chrome	Google	35.0.1916.11	35.0.1916.11
Chrome	Google	35.0.1916.13	35.0.1916.13
Chrome	Google	35.0.1916.14	35.0.1916.14
Chrome	Google	35.0.1916.15	35.0.1916.15
Chrome	Google	35.0.1916.17	35.0.1916.17
Chrome	Google	35.0.1916.18	35.0.1916.18
Chrome	Google	35.0.1916.19	35.0.1916.19
Chrome	Google	35.0.1916.20	35.0.1916.20
Chrome	Google	35.0.1916.21	35.0.1916.21
Chrome	Google	35.0.1916.22	35.0.1916.22
Chrome	Google	35.0.1916.23	35.0.1916.23
Chrome	Google	35.0.1916.27	35.0.1916.27
Chrome	Google	35.0.1916.31	35.0.1916.31
Chrome	Google	35.0.1916.32	35.0.1916.32
Chrome	Google	35.0.1916.33	35.0.1916.33
Chrome	Google	35.0.1916.34	35.0.1916.34
Chrome	Google	35.0.1916.35	35.0.1916.35
Chrome	Google	35.0.1916.36	35.0.1916.36
Chrome	Google	35.0.1916.37	35.0.1916.37
Chrome	Google	35.0.1916.38	35.0.1916.38
Chrome	Google	35.0.1916.39	35.0.1916.39
Chrome	Google	35.0.1916.40	35.0.1916.40
Chrome	Google	35.0.1916.41	35.0.1916.41
Chrome	Google	35.0.1916.42	35.0.1916.42
Chrome	Google	35.0.1916.43	35.0.1916.43
Chrome	Google	35.0.1916.44	35.0.1916.44
Chrome	Google	35.0.1916.45	35.0.1916.45
Chrome	Google	35.0.1916.46	35.0.1916.46
Chrome	Google	35.0.1916.47	35.0.1916.47
Chrome	Google	35.0.1916.48	35.0.1916.48
Chrome	Google	35.0.1916.49	35.0.1916.49
Chrome	Google	35.0.1916.51	35.0.1916.51
Chrome	Google	35.0.1916.52	35.0.1916.52
Chrome	Google	35.0.1916.54	35.0.1916.54
Chrome	Google	35.0.1916.56	35.0.1916.56
Chrome	Google	35.0.1916.57	35.0.1916.57
Chrome	Google	35.0.1916.59	35.0.1916.59
Chrome	Google	35.0.1916.61	35.0.1916.61
Chrome	Google	35.0.1916.68	35.0.1916.68
Chrome	Google	35.0.1916.69	35.0.1916.69
Chrome	Google	35.0.1916.71	35.0.1916.71
Chrome	Google	35.0.1916.72	35.0.1916.72
Chrome	Google	35.0.1916.74	35.0.1916.74
Chrome	Google	35.0.1916.77	35.0.1916.77
Chrome	Google	35.0.1916.80	35.0.1916.80
Chrome	Google	35.0.1916.82	35.0.1916.82
Chrome	Google	35.0.1916.84	35.0.1916.84
Chrome	Google	35.0.1916.85	35.0.1916.85
Chrome	Google	35.0.1916.86	35.0.1916.86
Chrome	Google	35.0.1916.88	35.0.1916.88
Chrome	Google	35.0.1916.90	35.0.1916.90
Chrome	Google	35.0.1916.92	35.0.1916.92
Chrome	Google	35.0.1916.93	35.0.1916.93
Chrome	Google	35.0.1916.95	35.0.1916.95
Chrome	Google	35.0.1916.96	35.0.1916.96
Chrome	Google	35.0.1916.98	35.0.1916.98
Chrome	Google	35.0.1916.99	35.0.1916.99
Chrome	Google	35.0.1916.101	35.0.1916.101
Chrome	Google	35.0.1916.103	35.0.1916.103
Chrome	Google	35.0.1916.104	35.0.1916.104
Chrome	Google	35.0.1916.105	35.0.1916.105
Chrome	Google	35.0.1916.106	35.0.1916.106
Chrome	Google	35.0.1916.107	35.0.1916.107
Chrome	Google	35.0.1916.108	35.0.1916.108
Chrome	Google	35.0.1916.109	35.0.1916.109
Chrome	Google	35.0.1916.110	35.0.1916.110
Chrome	Google	35.0.1916.111	35.0.1916.111
Chrome	Google	35.0.1916.112	35.0.1916.112
Chrome	Google	*	35.0.1916.113
Chromium-browser	Ubuntu	devel	*
Chromium-browser	Ubuntu	lucid	*
Chromium-browser	Ubuntu	precise	*
Chromium-browser	Ubuntu	saucy	*
Chromium-browser	Ubuntu	trusty	*
Chromium-browser	Ubuntu	upstream	*
Oxide-qt	Ubuntu	devel	*
Oxide-qt	Ubuntu	trusty	*
Oxide-qt	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-1748
CWE	https://cwe.mitre.org/data/definitions/NVD-noinfo.html

Affected Software

References