FKIE_CVE-2014-3160
Vulnerability from fkie_nvd - Published: 2014-07-20 11:12 - Updated: 2025-04-12 10:46
Severity ?
Summary
The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| chrome | 36.0.1985.1 | ||
| chrome | 36.0.1985.2 | ||
| chrome | 36.0.1985.3 | ||
| chrome | 36.0.1985.4 | ||
| chrome | 36.0.1985.5 | ||
| chrome | 36.0.1985.6 | ||
| chrome | 36.0.1985.8 | ||
| chrome | 36.0.1985.12 | ||
| chrome | 36.0.1985.13 | ||
| chrome | 36.0.1985.14 | ||
| chrome | 36.0.1985.15 | ||
| chrome | 36.0.1985.16 | ||
| chrome | 36.0.1985.17 | ||
| chrome | 36.0.1985.18 | ||
| chrome | 36.0.1985.19 | ||
| chrome | 36.0.1985.20 | ||
| chrome | 36.0.1985.21 | ||
| chrome | 36.0.1985.22 | ||
| chrome | 36.0.1985.23 | ||
| chrome | 36.0.1985.24 | ||
| chrome | 36.0.1985.25 | ||
| chrome | 36.0.1985.26 | ||
| chrome | 36.0.1985.27 | ||
| chrome | 36.0.1985.28 | ||
| chrome | 36.0.1985.29 | ||
| chrome | 36.0.1985.30 | ||
| chrome | 36.0.1985.31 | ||
| chrome | 36.0.1985.32 | ||
| chrome | 36.0.1985.33 | ||
| chrome | 36.0.1985.34 | ||
| chrome | 36.0.1985.35 | ||
| chrome | 36.0.1985.36 | ||
| chrome | 36.0.1985.37 | ||
| chrome | 36.0.1985.38 | ||
| chrome | 36.0.1985.39 | ||
| chrome | 36.0.1985.40 | ||
| chrome | 36.0.1985.41 | ||
| chrome | 36.0.1985.42 | ||
| chrome | 36.0.1985.43 | ||
| chrome | 36.0.1985.44 | ||
| chrome | 36.0.1985.45 | ||
| chrome | 36.0.1985.46 | ||
| chrome | 36.0.1985.47 | ||
| chrome | 36.0.1985.48 | ||
| chrome | 36.0.1985.49 | ||
| chrome | 36.0.1985.50 | ||
| chrome | 36.0.1985.51 | ||
| chrome | 36.0.1985.52 | ||
| chrome | 36.0.1985.53 | ||
| chrome | 36.0.1985.54 | ||
| chrome | 36.0.1985.55 | ||
| chrome | 36.0.1985.56 | ||
| chrome | 36.0.1985.57 | ||
| chrome | 36.0.1985.58 | ||
| chrome | 36.0.1985.59 | ||
| chrome | 36.0.1985.60 | ||
| chrome | 36.0.1985.61 | ||
| chrome | 36.0.1985.62 | ||
| chrome | 36.0.1985.63 | ||
| chrome | 36.0.1985.64 | ||
| chrome | 36.0.1985.65 | ||
| chrome | 36.0.1985.66 | ||
| chrome | 36.0.1985.67 | ||
| chrome | 36.0.1985.68 | ||
| chrome | 36.0.1985.69 | ||
| chrome | 36.0.1985.70 | ||
| chrome | 36.0.1985.72 | ||
| chrome | 36.0.1985.73 | ||
| chrome | 36.0.1985.74 | ||
| chrome | 36.0.1985.75 | ||
| chrome | 36.0.1985.76 | ||
| chrome | 36.0.1985.77 | ||
| chrome | 36.0.1985.78 | ||
| chrome | 36.0.1985.79 | ||
| chrome | 36.0.1985.81 | ||
| chrome | 36.0.1985.82 | ||
| chrome | 36.0.1985.83 | ||
| chrome | 36.0.1985.84 | ||
| chrome | 36.0.1985.85 | ||
| chrome | 36.0.1985.86 | ||
| chrome | 36.0.1985.87 | ||
| chrome | 36.0.1985.88 | ||
| chrome | 36.0.1985.89 | ||
| chrome | 36.0.1985.90 | ||
| chrome | 36.0.1985.91 | ||
| chrome | 36.0.1985.92 | ||
| chrome | 36.0.1985.93 | ||
| chrome | 36.0.1985.94 | ||
| chrome | 36.0.1985.95 | ||
| chrome | 36.0.1985.96 | ||
| chrome | 36.0.1985.97 | ||
| chrome | 36.0.1985.98 | ||
| chrome | 36.0.1985.99 | ||
| chrome | 36.0.1985.100 | ||
| chrome | 36.0.1985.101 | ||
| chrome | 36.0.1985.102 | ||
| chrome | 36.0.1985.103 | ||
| chrome | 36.0.1985.104 | ||
| chrome | 36.0.1985.105 | ||
| chrome | 36.0.1985.106 | ||
| chrome | 36.0.1985.122 | ||
| chrome | 36.0.1985.123 | ||
| chrome | 36.0.1985.124 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.1:*:*:*:*:*:*:*",
"matchCriteriaId": "034EBC36-A9CF-4606-A08F-7159AB86AFCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BB5738B3-6465-4AF4-A7FA-103FED812F56",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.3:*:*:*:*:*:*:*",
"matchCriteriaId": "188511A2-3516-4993-982D-923ECA1A4C25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.4:*:*:*:*:*:*:*",
"matchCriteriaId": "8CED7E89-3559-439D-8840-B68C01C8D5E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CDC37763-EB39-49BF-9DE8-1E1FE3278A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.6:*:*:*:*:*:*:*",
"matchCriteriaId": "E5FB6B01-3610-447D-8F80-BCF45AA8774A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.8:*:*:*:*:*:*:*",
"matchCriteriaId": "C0BC651A-0811-46DB-B3E2-06574DFCEA77",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.12:*:*:*:*:*:*:*",
"matchCriteriaId": "663584A3-7E9A-4A85-A6FD-139A4901CE0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.13:*:*:*:*:*:*:*",
"matchCriteriaId": "C77F9F75-A405-48B0-B4B1-CBEA993EC127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.14:*:*:*:*:*:*:*",
"matchCriteriaId": "D8E0C87F-44BB-44E0-8D3B-90E77FA97923",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.15:*:*:*:*:*:*:*",
"matchCriteriaId": "CF831B62-3FA4-4AAB-93C5-94C90E09C0D5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.16:*:*:*:*:*:*:*",
"matchCriteriaId": "23CE59C5-6330-4022-9071-D2B1F2C9743B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.17:*:*:*:*:*:*:*",
"matchCriteriaId": "0E349413-FC94-4C7C-831B-AD19E660AAEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.18:*:*:*:*:*:*:*",
"matchCriteriaId": "DFE28FF7-EACE-474F-8AB1-897C9515D8CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.19:*:*:*:*:*:*:*",
"matchCriteriaId": "7411454F-7C8A-4ADB-8F1E-F24F38CC475B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.20:*:*:*:*:*:*:*",
"matchCriteriaId": "C5E38BA8-A312-4374-BA95-095A6C581177",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.21:*:*:*:*:*:*:*",
"matchCriteriaId": "2BCB94DC-B29A-4DE2-8DD7-8027144E9160",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.22:*:*:*:*:*:*:*",
"matchCriteriaId": "289B4894-C04B-42B9-AF34-6F6C3283B92F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.23:*:*:*:*:*:*:*",
"matchCriteriaId": "BAFFBA9E-7B85-498B-ABFC-C1E9FA3E7957",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.24:*:*:*:*:*:*:*",
"matchCriteriaId": "4775EFA0-72D0-40C3-9C57-82719F1E787F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.25:*:*:*:*:*:*:*",
"matchCriteriaId": "F1543632-8553-4B11-8C52-040D9B789D72",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.26:*:*:*:*:*:*:*",
"matchCriteriaId": "BB77631C-E246-4297-A3DF-8C65C7764447",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.27:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4FD7BE-8EF5-4695-9FDE-56E0AEB537A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.28:*:*:*:*:*:*:*",
"matchCriteriaId": "9D496614-D271-4BDB-9970-113DAD4BD831",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.29:*:*:*:*:*:*:*",
"matchCriteriaId": "8636C621-F6A9-4AE7-BB02-0318BF1DD8B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.30:*:*:*:*:*:*:*",
"matchCriteriaId": "FBCA4077-F5C9-43D2-9199-944C89633552",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.31:*:*:*:*:*:*:*",
"matchCriteriaId": "DE15A42D-F019-4F64-8A0F-C0EAEFCF35E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.32:*:*:*:*:*:*:*",
"matchCriteriaId": "3277E700-A60B-48A4-96D5-AE9A154EC3B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.33:*:*:*:*:*:*:*",
"matchCriteriaId": "2C34880E-02B2-4FA2-A3CE-CD6B57870703",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.34:*:*:*:*:*:*:*",
"matchCriteriaId": "122EBB89-8BB8-42EE-BD7E-BA8A6D78FCA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.35:*:*:*:*:*:*:*",
"matchCriteriaId": "09CCBBF4-002D-4020-BF73-02FC4783014B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.36:*:*:*:*:*:*:*",
"matchCriteriaId": "9341B2CC-90C5-403D-A6BD-C5D6CB668DF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.37:*:*:*:*:*:*:*",
"matchCriteriaId": "BE485EA9-4E47-46E5-9E36-F023FA4552B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.38:*:*:*:*:*:*:*",
"matchCriteriaId": "9C23AD90-B066-40AB-9015-CB27319F5DC8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.39:*:*:*:*:*:*:*",
"matchCriteriaId": "23BA1D89-E3F1-45A9-BDBE-116217FA564E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.40:*:*:*:*:*:*:*",
"matchCriteriaId": "01BD5F1D-1BA1-4993-8A25-393D22229C43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.41:*:*:*:*:*:*:*",
"matchCriteriaId": "C18A686D-1176-45E1-8BB6-FBFD7EB8125D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.42:*:*:*:*:*:*:*",
"matchCriteriaId": "E77A0160-6D9B-4F31-A3E9-326D47861BD7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.43:*:*:*:*:*:*:*",
"matchCriteriaId": "5D6BB6E3-50DD-49AF-BAD5-8D6B882EC8FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.44:*:*:*:*:*:*:*",
"matchCriteriaId": "34110090-4076-4F54-B725-6E7FDF8B9AE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.45:*:*:*:*:*:*:*",
"matchCriteriaId": "641A7CED-5A5B-4234-B457-7D25D9803798",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.46:*:*:*:*:*:*:*",
"matchCriteriaId": "FB8D94F8-532B-442D-AF36-43ADAA29C3EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.47:*:*:*:*:*:*:*",
"matchCriteriaId": "8A4CB7E6-F4C8-438B-8A0A-72725C4FAAA4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.48:*:*:*:*:*:*:*",
"matchCriteriaId": "336A4169-DE67-4F47-B48B-6FED2FF836BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.49:*:*:*:*:*:*:*",
"matchCriteriaId": "D85A3544-3B3A-4C09-A5AD-19C76D50B543",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.50:*:*:*:*:*:*:*",
"matchCriteriaId": "4275E418-3339-4DB8-B1D3-843E233475CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.51:*:*:*:*:*:*:*",
"matchCriteriaId": "A9BFCF28-7B2E-4542-B10F-48E107944167",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.52:*:*:*:*:*:*:*",
"matchCriteriaId": "C67843B6-5F11-43F2-AFA8-0525C52D4ACE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.53:*:*:*:*:*:*:*",
"matchCriteriaId": "707F90CE-9315-4307-8FFD-86E2466731A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.54:*:*:*:*:*:*:*",
"matchCriteriaId": "41D30577-22E1-48A4-A9F6-FA9AB1E3EEFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.55:*:*:*:*:*:*:*",
"matchCriteriaId": "DBBA976C-1225-4BD3-B5AF-C56367B2675A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.56:*:*:*:*:*:*:*",
"matchCriteriaId": "53D869C6-B72F-4CAB-A61E-2A339AA37BDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.57:*:*:*:*:*:*:*",
"matchCriteriaId": "4A6FCCCE-2134-4FCC-8B69-1538D232CF8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.58:*:*:*:*:*:*:*",
"matchCriteriaId": "8E63561C-7674-4261-89B6-9DAC97166BAE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.59:*:*:*:*:*:*:*",
"matchCriteriaId": "81797436-C14E-4D73-BCE8-D174F3AFD47F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.60:*:*:*:*:*:*:*",
"matchCriteriaId": "8AB3BBF3-6667-4C1E-8A44-53BA9ADE390D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.61:*:*:*:*:*:*:*",
"matchCriteriaId": "C9A52C40-FECD-4DFE-A6FF-5834201F2086",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.62:*:*:*:*:*:*:*",
"matchCriteriaId": "AD6DEE24-CD3C-416D-9FA1-0A3284C7155E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.63:*:*:*:*:*:*:*",
"matchCriteriaId": "EA359EE0-5047-4A22-B352-88FE56EC4A6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.64:*:*:*:*:*:*:*",
"matchCriteriaId": "4ACB01CD-69F8-4133-B0C8-88C667AF77E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.65:*:*:*:*:*:*:*",
"matchCriteriaId": "CEE6A128-59E6-4728-B5C6-4BF1813D4C40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.66:*:*:*:*:*:*:*",
"matchCriteriaId": "5E8D8C88-B0DC-40B6-9388-E175041D8E96",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.67:*:*:*:*:*:*:*",
"matchCriteriaId": "3C96219D-2840-4C31-8C29-8763CF8EA1D0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.68:*:*:*:*:*:*:*",
"matchCriteriaId": "3286D039-6014-453E-8DE6-EF4EC041B3FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.69:*:*:*:*:*:*:*",
"matchCriteriaId": "EB694F99-6E1E-46C5-BAB3-6319ADF4191D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.70:*:*:*:*:*:*:*",
"matchCriteriaId": "6B850799-6FA4-427A-B496-373AA97BE924",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.72:*:*:*:*:*:*:*",
"matchCriteriaId": "8344CC6B-620A-4AAD-A3D7-D15254D91442",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.73:*:*:*:*:*:*:*",
"matchCriteriaId": "39E26455-A7E4-4F7E-8C93-A98E531D3421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.74:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB57BC3-53B7-41D6-8B2F-0621222D9CDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.75:*:*:*:*:*:*:*",
"matchCriteriaId": "34067661-1C76-43AA-A448-B3598FE76420",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.76:*:*:*:*:*:*:*",
"matchCriteriaId": "4E4ED68C-3156-4286-AF42-964A6BF5CCF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.77:*:*:*:*:*:*:*",
"matchCriteriaId": "4C487E25-F043-4C84-ADEF-CBBF97A6C294",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.78:*:*:*:*:*:*:*",
"matchCriteriaId": "F78FF9B8-C78F-4A1E-AFB3-46330E2A0EC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.79:*:*:*:*:*:*:*",
"matchCriteriaId": "0CFBDA89-FB41-496C-A259-E3D0B034674B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.81:*:*:*:*:*:*:*",
"matchCriteriaId": "A6BF5998-676C-4E94-9020-26BD6D5D1780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.82:*:*:*:*:*:*:*",
"matchCriteriaId": "45E63B35-47C3-46B2-93F5-7564CF6D208F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.83:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD19170-FDD4-41CE-BD56-779A622DF181",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.84:*:*:*:*:*:*:*",
"matchCriteriaId": "E06AD6A4-721C-427F-9B48-77F711DD93C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.85:*:*:*:*:*:*:*",
"matchCriteriaId": "E8A4C658-D47B-4BC3-890B-CAE400487F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.86:*:*:*:*:*:*:*",
"matchCriteriaId": "16A6D8DE-1428-4B16-B331-02804A36CE38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.87:*:*:*:*:*:*:*",
"matchCriteriaId": "0110A1CE-FDDB-442D-8570-631C540E7893",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.88:*:*:*:*:*:*:*",
"matchCriteriaId": "8913F802-16B1-413F-B506-CDD01EF45254",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.89:*:*:*:*:*:*:*",
"matchCriteriaId": "00FC13E3-B987-4E96-8DE6-1F86C56D3421",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.90:*:*:*:*:*:*:*",
"matchCriteriaId": "8723AA17-560B-4F5F-A2C3-22521C1A6DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.91:*:*:*:*:*:*:*",
"matchCriteriaId": "F18EDAA2-D781-4380-9B58-DB56950E5030",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.92:*:*:*:*:*:*:*",
"matchCriteriaId": "CEF5627B-2ACD-4980-8706-EA6A44CACD4E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.93:*:*:*:*:*:*:*",
"matchCriteriaId": "161617EB-3319-4863-8455-3196A10768C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.94:*:*:*:*:*:*:*",
"matchCriteriaId": "17D4849F-0D38-4883-90C0-92828EA45D37",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.95:*:*:*:*:*:*:*",
"matchCriteriaId": "FA069046-D948-474A-BCAE-447B9149CA32",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.96:*:*:*:*:*:*:*",
"matchCriteriaId": "CFA70EA7-79B2-4762-BF48-464E566D68F8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.97:*:*:*:*:*:*:*",
"matchCriteriaId": "0C41B757-007A-4EE6-B348-D1DD53EE0C3F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.98:*:*:*:*:*:*:*",
"matchCriteriaId": "8B21277A-265E-41B5-BA87-5EC59A37CB19",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.99:*:*:*:*:*:*:*",
"matchCriteriaId": "92BB0B75-5563-456D-BC06-5C493F42EFA8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.100:*:*:*:*:*:*:*",
"matchCriteriaId": "F0267B12-C831-49FF-B09D-0F51D7480DF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.101:*:*:*:*:*:*:*",
"matchCriteriaId": "00978DD0-CEF3-4544-BF55-154F1BFEE7A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.102:*:*:*:*:*:*:*",
"matchCriteriaId": "35D70A8A-3962-4723-A313-8114F3A3D7CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.103:*:*:*:*:*:*:*",
"matchCriteriaId": "8AE52C3A-9E56-4835-AC3B-02356F812805",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.104:*:*:*:*:*:*:*",
"matchCriteriaId": "D43A19BA-BC19-4A01-B7F8-568753ACBD67",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.105:*:*:*:*:*:*:*",
"matchCriteriaId": "4330A8C3-A9C7-4D20-B1E1-B050FE660BE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.106:*:*:*:*:*:*:*",
"matchCriteriaId": "323B3255-DB94-41B2-AFED-12AA8A8B2EBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.122:*:*:*:*:*:*:*",
"matchCriteriaId": "21AF0201-C7F6-4884-939F-81466F0F9FED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.123:*:*:*:*:*:*:*",
"matchCriteriaId": "266D9AD9-7256-4627-89A1-0DA3389A19CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:google:chrome:36.0.1985.124:*:*:*:*:*:*:*",
"matchCriteriaId": "02C1BF3E-264A-4809-87BE-6A00F041DBCE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file."
},
{
"lang": "es",
"value": "La funci\u00f3n ResourceFetcher::canRequest en core/fetch/ResourceFetcher.cpp en Blink, utilizado en Google Chrome anterior a 36.0.1985.125, no restringe debidamente las solicitudes de subrecursos asociados con ficheros SVG, lo que permite a atacantes remotos evadir Same Origin Policy a trav\u00e9s de un fichero manipulado."
}
],
"id": "CVE-2014-3160",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-07-20T11:12:50.243",
"references": [
{
"source": "chrome-cve-admin@google.com",
"url": "http://googlechromereleases.blogspot.com/2014/07/stable-channel-update.html"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://secunia.com/advisories/60061"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://secunia.com/advisories/60372"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://security.gentoo.org/glsa/glsa-201408-16.xml"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.debian.org/security/2014/dsa-3039"
},
{
"source": "chrome-cve-admin@google.com",
"url": "http://www.securityfocus.com/bid/68677"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://code.google.com/p/chromium/issues/detail?id=380885"
},
{
"source": "chrome-cve-admin@google.com",
"url": "https://src.chromium.org/viewvc/blink?revision=176084\u0026view=revision"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://googlechromereleases.blogspot.com/2014/07/stable-channel-update.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60061"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/60372"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-201408-16.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2014/dsa-3039"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/68677"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://code.google.com/p/chromium/issues/detail?id=380885"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://src.chromium.org/viewvc/blink?revision=176084\u0026view=revision"
}
],
"sourceIdentifier": "chrome-cve-admin@google.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…