Lucene search

ChromeCVE-2014-3172

HistoryAug 27, 2014 - 1:55 a.m.

CVE-2014-3172

2014-08-2701:55:05

CWE-264

Chrome

web.nvd.nist.gov

google chrome

debugger extension

api

bypass

security vulnerability

cve-2014-3172

nvd

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

AI Score

6.1

Confidence

Low

EPSS

0.004

Percentile

74.3%

JSON

The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab’s URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL.

Affected configurations

Nvd

Node

googlechromeRange≤37.0.2062.93

googlechromeMatch37.0.2062.0

googlechromeMatch37.0.2062.1

googlechromeMatch37.0.2062.2

googlechromeMatch37.0.2062.3

googlechromeMatch37.0.2062.4

googlechromeMatch37.0.2062.5

googlechromeMatch37.0.2062.6

googlechromeMatch37.0.2062.7

googlechromeMatch37.0.2062.8

googlechromeMatch37.0.2062.9

googlechromeMatch37.0.2062.10

googlechromeMatch37.0.2062.11

googlechromeMatch37.0.2062.12

googlechromeMatch37.0.2062.13

googlechromeMatch37.0.2062.14

googlechromeMatch37.0.2062.15

googlechromeMatch37.0.2062.16

googlechromeMatch37.0.2062.17

googlechromeMatch37.0.2062.18

googlechromeMatch37.0.2062.19

googlechromeMatch37.0.2062.20

googlechromeMatch37.0.2062.21

googlechromeMatch37.0.2062.22

googlechromeMatch37.0.2062.23

googlechromeMatch37.0.2062.24

googlechromeMatch37.0.2062.25

googlechromeMatch37.0.2062.26

googlechromeMatch37.0.2062.27

googlechromeMatch37.0.2062.28

googlechromeMatch37.0.2062.29

googlechromeMatch37.0.2062.30

googlechromeMatch37.0.2062.31

googlechromeMatch37.0.2062.32

googlechromeMatch37.0.2062.33

googlechromeMatch37.0.2062.34

googlechromeMatch37.0.2062.35

googlechromeMatch37.0.2062.36

googlechromeMatch37.0.2062.37

googlechromeMatch37.0.2062.39

googlechromeMatch37.0.2062.43

googlechromeMatch37.0.2062.44

googlechromeMatch37.0.2062.45

googlechromeMatch37.0.2062.46

googlechromeMatch37.0.2062.47

googlechromeMatch37.0.2062.48

googlechromeMatch37.0.2062.49

googlechromeMatch37.0.2062.50

googlechromeMatch37.0.2062.51

googlechromeMatch37.0.2062.52

googlechromeMatch37.0.2062.53

googlechromeMatch37.0.2062.54

googlechromeMatch37.0.2062.55

googlechromeMatch37.0.2062.56

googlechromeMatch37.0.2062.57

googlechromeMatch37.0.2062.58

googlechromeMatch37.0.2062.59

googlechromeMatch37.0.2062.60

googlechromeMatch37.0.2062.61

googlechromeMatch37.0.2062.62

googlechromeMatch37.0.2062.63

googlechromeMatch37.0.2062.64

googlechromeMatch37.0.2062.65

googlechromeMatch37.0.2062.66

googlechromeMatch37.0.2062.67

googlechromeMatch37.0.2062.68

googlechromeMatch37.0.2062.69

googlechromeMatch37.0.2062.70

googlechromeMatch37.0.2062.71

googlechromeMatch37.0.2062.72

googlechromeMatch37.0.2062.73

googlechromeMatch37.0.2062.74

googlechromeMatch37.0.2062.75

googlechromeMatch37.0.2062.76

googlechromeMatch37.0.2062.77

googlechromeMatch37.0.2062.78

googlechromeMatch37.0.2062.80

googlechromeMatch37.0.2062.81

googlechromeMatch37.0.2062.89

googlechromeMatch37.0.2062.90

googlechromeMatch37.0.2062.91

googlechromeMatch37.0.2062.92

VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
googlechrome37.0.2062.0cpe:2.3:a:google:chrome:37.0.2062.0:*:*:*:*:*:*:*
googlechrome37.0.2062.1cpe:2.3:a:google:chrome:37.0.2062.1:*:*:*:*:*:*:*
googlechrome37.0.2062.2cpe:2.3:a:google:chrome:37.0.2062.2:*:*:*:*:*:*:*
googlechrome37.0.2062.3cpe:2.3:a:google:chrome:37.0.2062.3:*:*:*:*:*:*:*
googlechrome37.0.2062.4cpe:2.3:a:google:chrome:37.0.2062.4:*:*:*:*:*:*:*
googlechrome37.0.2062.5cpe:2.3:a:google:chrome:37.0.2062.5:*:*:*:*:*:*:*
googlechrome37.0.2062.6cpe:2.3:a:google:chrome:37.0.2062.6:*:*:*:*:*:*:*
googlechrome37.0.2062.7cpe:2.3:a:google:chrome:37.0.2062.7:*:*:*:*:*:*:*
googlechrome37.0.2062.8cpe:2.3:a:google:chrome:37.0.2062.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	chrome	*	cpe:2.3:a:google:chrome::::::::
google	chrome	37.0.2062.0	cpe:2.3:a:google:chrome:37.0.2062.0:::::::*
google	chrome	37.0.2062.1	cpe:2.3:a:google:chrome:37.0.2062.1:::::::*
google	chrome	37.0.2062.2	cpe:2.3:a:google:chrome:37.0.2062.2:::::::*
google	chrome	37.0.2062.3	cpe:2.3:a:google:chrome:37.0.2062.3:::::::*
google	chrome	37.0.2062.4	cpe:2.3:a:google:chrome:37.0.2062.4:::::::*
google	chrome	37.0.2062.5	cpe:2.3:a:google:chrome:37.0.2062.5:::::::*
google	chrome	37.0.2062.6	cpe:2.3:a:google:chrome:37.0.2062.6:::::::*
google	chrome	37.0.2062.7	cpe:2.3:a:google:chrome:37.0.2062.7:::::::*
google	chrome	37.0.2062.8	cpe:2.3:a:google:chrome:37.0.2062.8:::::::*