CVE Vulnerabilities

CVE-2014-3172

Published: Aug 27, 2014 | Modified: Nov 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.4 MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tabs URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL.

Affected Software

Name Vendor Start Version End Version
Chrome Google * 37.0.2062.93 (including)
Chrome Google 37.0.2062.0 (including) 37.0.2062.0 (including)
Chrome Google 37.0.2062.1 (including) 37.0.2062.1 (including)
Chrome Google 37.0.2062.2 (including) 37.0.2062.2 (including)
Chrome Google 37.0.2062.3 (including) 37.0.2062.3 (including)
Chrome Google 37.0.2062.4 (including) 37.0.2062.4 (including)
Chrome Google 37.0.2062.5 (including) 37.0.2062.5 (including)
Chrome Google 37.0.2062.6 (including) 37.0.2062.6 (including)
Chrome Google 37.0.2062.7 (including) 37.0.2062.7 (including)
Chrome Google 37.0.2062.8 (including) 37.0.2062.8 (including)
Chrome Google 37.0.2062.9 (including) 37.0.2062.9 (including)
Chrome Google 37.0.2062.10 (including) 37.0.2062.10 (including)
Chrome Google 37.0.2062.11 (including) 37.0.2062.11 (including)
Chrome Google 37.0.2062.12 (including) 37.0.2062.12 (including)
Chrome Google 37.0.2062.13 (including) 37.0.2062.13 (including)
Chrome Google 37.0.2062.14 (including) 37.0.2062.14 (including)
Chrome Google 37.0.2062.15 (including) 37.0.2062.15 (including)
Chrome Google 37.0.2062.16 (including) 37.0.2062.16 (including)
Chrome Google 37.0.2062.17 (including) 37.0.2062.17 (including)
Chrome Google 37.0.2062.18 (including) 37.0.2062.18 (including)
Chrome Google 37.0.2062.19 (including) 37.0.2062.19 (including)
Chrome Google 37.0.2062.20 (including) 37.0.2062.20 (including)
Chrome Google 37.0.2062.21 (including) 37.0.2062.21 (including)
Chrome Google 37.0.2062.22 (including) 37.0.2062.22 (including)
Chrome Google 37.0.2062.23 (including) 37.0.2062.23 (including)
Chrome Google 37.0.2062.24 (including) 37.0.2062.24 (including)
Chrome Google 37.0.2062.25 (including) 37.0.2062.25 (including)
Chrome Google 37.0.2062.26 (including) 37.0.2062.26 (including)
Chrome Google 37.0.2062.27 (including) 37.0.2062.27 (including)
Chrome Google 37.0.2062.28 (including) 37.0.2062.28 (including)
Chrome Google 37.0.2062.29 (including) 37.0.2062.29 (including)
Chrome Google 37.0.2062.30 (including) 37.0.2062.30 (including)
Chrome Google 37.0.2062.31 (including) 37.0.2062.31 (including)
Chrome Google 37.0.2062.32 (including) 37.0.2062.32 (including)
Chrome Google 37.0.2062.33 (including) 37.0.2062.33 (including)
Chrome Google 37.0.2062.34 (including) 37.0.2062.34 (including)
Chrome Google 37.0.2062.35 (including) 37.0.2062.35 (including)
Chrome Google 37.0.2062.36 (including) 37.0.2062.36 (including)
Chrome Google 37.0.2062.37 (including) 37.0.2062.37 (including)
Chrome Google 37.0.2062.39 (including) 37.0.2062.39 (including)
Chrome Google 37.0.2062.43 (including) 37.0.2062.43 (including)
Chrome Google 37.0.2062.44 (including) 37.0.2062.44 (including)
Chrome Google 37.0.2062.45 (including) 37.0.2062.45 (including)
Chrome Google 37.0.2062.46 (including) 37.0.2062.46 (including)
Chrome Google 37.0.2062.47 (including) 37.0.2062.47 (including)
Chrome Google 37.0.2062.48 (including) 37.0.2062.48 (including)
Chrome Google 37.0.2062.49 (including) 37.0.2062.49 (including)
Chrome Google 37.0.2062.50 (including) 37.0.2062.50 (including)
Chrome Google 37.0.2062.51 (including) 37.0.2062.51 (including)
Chrome Google 37.0.2062.52 (including) 37.0.2062.52 (including)
Chrome Google 37.0.2062.53 (including) 37.0.2062.53 (including)
Chrome Google 37.0.2062.54 (including) 37.0.2062.54 (including)
Chrome Google 37.0.2062.55 (including) 37.0.2062.55 (including)
Chrome Google 37.0.2062.56 (including) 37.0.2062.56 (including)
Chrome Google 37.0.2062.57 (including) 37.0.2062.57 (including)
Chrome Google 37.0.2062.58 (including) 37.0.2062.58 (including)
Chrome Google 37.0.2062.59 (including) 37.0.2062.59 (including)
Chrome Google 37.0.2062.60 (including) 37.0.2062.60 (including)
Chrome Google 37.0.2062.61 (including) 37.0.2062.61 (including)
Chrome Google 37.0.2062.62 (including) 37.0.2062.62 (including)
Chrome Google 37.0.2062.63 (including) 37.0.2062.63 (including)
Chrome Google 37.0.2062.64 (including) 37.0.2062.64 (including)
Chrome Google 37.0.2062.65 (including) 37.0.2062.65 (including)
Chrome Google 37.0.2062.66 (including) 37.0.2062.66 (including)
Chrome Google 37.0.2062.67 (including) 37.0.2062.67 (including)
Chrome Google 37.0.2062.68 (including) 37.0.2062.68 (including)
Chrome Google 37.0.2062.69 (including) 37.0.2062.69 (including)
Chrome Google 37.0.2062.70 (including) 37.0.2062.70 (including)
Chrome Google 37.0.2062.71 (including) 37.0.2062.71 (including)
Chrome Google 37.0.2062.72 (including) 37.0.2062.72 (including)
Chrome Google 37.0.2062.73 (including) 37.0.2062.73 (including)
Chrome Google 37.0.2062.74 (including) 37.0.2062.74 (including)
Chrome Google 37.0.2062.75 (including) 37.0.2062.75 (including)
Chrome Google 37.0.2062.76 (including) 37.0.2062.76 (including)
Chrome Google 37.0.2062.77 (including) 37.0.2062.77 (including)
Chrome Google 37.0.2062.78 (including) 37.0.2062.78 (including)
Chrome Google 37.0.2062.80 (including) 37.0.2062.80 (including)
Chrome Google 37.0.2062.81 (including) 37.0.2062.81 (including)
Chrome Google 37.0.2062.89 (including) 37.0.2062.89 (including)
Chrome Google 37.0.2062.90 (including) 37.0.2062.90 (including)
Chrome Google 37.0.2062.91 (including) 37.0.2062.91 (including)
Chrome Google 37.0.2062.92 (including) 37.0.2062.92 (including)
Chromium-browser Ubuntu devel *
Chromium-browser Ubuntu lucid *
Chromium-browser Ubuntu precise *
Chromium-browser Ubuntu trusty *
Chromium-browser Ubuntu upstream *

References