CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:C/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
75.9%
Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging “type confusion” and reading property values, related to i18n.js and runtime.cc.
googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
lists.opensuse.org/opensuse-updates/2014-05/msg00049.html
lists.opensuse.org/opensuse-updates/2014-05/msg00050.html
secunia.com/advisories/58301
secunia.com/advisories/60372
security.gentoo.org/glsa/glsa-201408-16.xml
www.debian.org/security/2014/dsa-2920
code.google.com/p/chromium/issues/detail?id=354967
code.google.com/p/v8/source/detail?r=20375
code.google.com/p/v8/source/detail?r=20377
code.google.com/p/v8/source/detail?r=20388
code.google.com/p/v8/source/detail?r=20593
code.google.com/p/v8/source/detail?r=20595