CVE Vulnerabilities

CVE-2014-3172

Published: Aug 27, 2014 | Modified: Nov 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.4 MEDIUM
AV:N/AC:L/Au:N/C:P/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tabs URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL.

Affected Software

Name Vendor Start Version End Version
Chrome Google * 37.0.2062.93 (including)
Chrome Google 37.0.2062.0 (including) 37.0.2062.0 (including)
Chrome Google 37.0.2062.1 (including) 37.0.2062.1 (including)
Chrome Google 37.0.2062.2 (including) 37.0.2062.2 (including)
Chrome Google 37.0.2062.3 (including) 37.0.2062.3 (including)
Chrome Google 37.0.2062.4 (including) 37.0.2062.4 (including)
Chrome Google 37.0.2062.5 (including) 37.0.2062.5 (including)
Chrome Google 37.0.2062.6 (including) 37.0.2062.6 (including)
Chrome Google 37.0.2062.7 (including) 37.0.2062.7 (including)
Chrome Google 37.0.2062.8 (including) 37.0.2062.8 (including)
Chrome Google 37.0.2062.9 (including) 37.0.2062.9 (including)
Chrome Google 37.0.2062.10 (including) 37.0.2062.10 (including)
Chrome Google 37.0.2062.11 (including) 37.0.2062.11 (including)
Chrome Google 37.0.2062.12 (including) 37.0.2062.12 (including)
Chrome Google 37.0.2062.13 (including) 37.0.2062.13 (including)
Chrome Google 37.0.2062.14 (including) 37.0.2062.14 (including)
Chrome Google 37.0.2062.15 (including) 37.0.2062.15 (including)
Chrome Google 37.0.2062.16 (including) 37.0.2062.16 (including)
Chrome Google 37.0.2062.17 (including) 37.0.2062.17 (including)
Chrome Google 37.0.2062.18 (including) 37.0.2062.18 (including)
Chrome Google 37.0.2062.19 (including) 37.0.2062.19 (including)
Chrome Google 37.0.2062.20 (including) 37.0.2062.20 (including)
Chrome Google 37.0.2062.21 (including) 37.0.2062.21 (including)
Chrome Google 37.0.2062.22 (including) 37.0.2062.22 (including)
Chrome Google 37.0.2062.23 (including) 37.0.2062.23 (including)
Chrome Google 37.0.2062.24 (including) 37.0.2062.24 (including)
Chrome Google 37.0.2062.25 (including) 37.0.2062.25 (including)
Chrome Google 37.0.2062.26 (including) 37.0.2062.26 (including)
Chrome Google 37.0.2062.27 (including) 37.0.2062.27 (including)
Chrome Google 37.0.2062.28 (including) 37.0.2062.28 (including)
Chrome Google 37.0.2062.29 (including) 37.0.2062.29 (including)
Chrome Google 37.0.2062.30 (including) 37.0.2062.30 (including)
Chrome Google 37.0.2062.31 (including) 37.0.2062.31 (including)
Chrome Google 37.0.2062.32 (including) 37.0.2062.32 (including)
Chrome Google 37.0.2062.33 (including) 37.0.2062.33 (including)
Chrome Google 37.0.2062.34 (including) 37.0.2062.34 (including)
Chrome Google 37.0.2062.35 (including) 37.0.2062.35 (including)
Chrome Google 37.0.2062.36 (including) 37.0.2062.36 (including)
Chrome Google 37.0.2062.37 (including) 37.0.2062.37 (including)
Chrome Google 37.0.2062.39 (including) 37.0.2062.39 (including)
Chrome Google 37.0.2062.43 (including) 37.0.2062.43 (including)
Chrome Google 37.0.2062.44 (including) 37.0.2062.44 (including)
Chrome Google 37.0.2062.45 (including) 37.0.2062.45 (including)
Chrome Google 37.0.2062.46 (including) 37.0.2062.46 (including)
Chrome Google 37.0.2062.47 (including) 37.0.2062.47 (including)
Chrome Google 37.0.2062.48 (including) 37.0.2062.48 (including)
Chrome Google 37.0.2062.49 (including) 37.0.2062.49 (including)
Chrome Google 37.0.2062.50 (including) 37.0.2062.50 (including)
Chrome Google 37.0.2062.51 (including) 37.0.2062.51 (including)
Chrome Google 37.0.2062.52 (including) 37.0.2062.52 (including)
Chrome Google 37.0.2062.53 (including) 37.0.2062.53 (including)
Chrome Google 37.0.2062.54 (including) 37.0.2062.54 (including)
Chrome Google 37.0.2062.55 (including) 37.0.2062.55 (including)
Chrome Google 37.0.2062.56 (including) 37.0.2062.56 (including)
Chrome Google 37.0.2062.57 (including) 37.0.2062.57 (including)
Chrome Google 37.0.2062.58 (including) 37.0.2062.58 (including)
Chrome Google 37.0.2062.59 (including) 37.0.2062.59 (including)
Chrome Google 37.0.2062.60 (including) 37.0.2062.60 (including)
Chrome Google 37.0.2062.61 (including) 37.0.2062.61 (including)
Chrome Google 37.0.2062.62 (including) 37.0.2062.62 (including)
Chrome Google 37.0.2062.63 (including) 37.0.2062.63 (including)
Chrome Google 37.0.2062.64 (including) 37.0.2062.64 (including)
Chrome Google 37.0.2062.65 (including) 37.0.2062.65 (including)
Chrome Google 37.0.2062.66 (including) 37.0.2062.66 (including)
Chrome Google 37.0.2062.67 (including) 37.0.2062.67 (including)
Chrome Google 37.0.2062.68 (including) 37.0.2062.68 (including)
Chrome Google 37.0.2062.69 (including) 37.0.2062.69 (including)
Chrome Google 37.0.2062.70 (including) 37.0.2062.70 (including)
Chrome Google 37.0.2062.71 (including) 37.0.2062.71 (including)
Chrome Google 37.0.2062.72 (including) 37.0.2062.72 (including)
Chrome Google 37.0.2062.73 (including) 37.0.2062.73 (including)
Chrome Google 37.0.2062.74 (including) 37.0.2062.74 (including)
Chrome Google 37.0.2062.75 (including) 37.0.2062.75 (including)
Chrome Google 37.0.2062.76 (including) 37.0.2062.76 (including)
Chrome Google 37.0.2062.77 (including) 37.0.2062.77 (including)
Chrome Google 37.0.2062.78 (including) 37.0.2062.78 (including)
Chrome Google 37.0.2062.80 (including) 37.0.2062.80 (including)
Chrome Google 37.0.2062.81 (including) 37.0.2062.81 (including)
Chrome Google 37.0.2062.89 (including) 37.0.2062.89 (including)
Chrome Google 37.0.2062.90 (including) 37.0.2062.90 (including)
Chrome Google 37.0.2062.91 (including) 37.0.2062.91 (including)
Chrome Google 37.0.2062.92 (including) 37.0.2062.92 (including)

References