CVE-2014-1730

2014-04-2610:55:05

CWE-843

Chrome

web.nvd.nist.gov

cve-2014-1730

google v8

google chrome

type confusion

access restrictions

internationalization metadata

remote attackers

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:C/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.005

Percentile

75.9%

JSON

Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging “type confusion” and reading property values, related to i18n.js and runtime.cc.

Affected configurations

Nvd

Node

googlechromeRange<34.0.1847.131

AND

applemac_os_xMatch-

microsoftwindowsMatch-

Node

googlechromeRange<34.0.1847.132

AND

linuxlinux_kernelMatch-

VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
applemac_os_x-cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	chrome	*	cpe:2.3:a:google:chrome::::::::
apple	mac_os_x	-	cpe:2.3:o:apple:mac_os_x:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*