CVE-2014-3172

The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL.

CVSS v2.0 6.4 MEDIUM

6.4^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html
http://secunia.com/advisories/60268
http://secunia.com/advisories/61482
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://www.debian.org/security/2014/dsa-3039
http://www.securityfocus.com/bid/69401
http://www.securitytracker.com/id/1030767
https://crbug.com/367567
https://exchange.xforce.ibmcloud.com/vulnerabilities/95472
https://src.chromium.org/viewvc/chrome?revision=280354&view=revision
http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html
http://lists.opensuse.org/opensuse-security-announce/2014-09/msg00027.html
http://secunia.com/advisories/60268
http://secunia.com/advisories/61482
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://www.debian.org/security/2014/dsa-3039
http://www.securityfocus.com/bid/69401
http://www.securitytracker.com/id/1030767
https://crbug.com/367567
https://exchange.xforce.ibmcloud.com/vulnerabilities/95472
https://src.chromium.org/viewvc/chrome?revision=280354&view=revision

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:google:chrome::::::::
	cpe:2.3:a:google:chrome:37.0.2062.0:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.1:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.2:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.3:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.4:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.5:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.6:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.7:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.8:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.9:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.10:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.11:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.12:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.13:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.14:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.15:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.16:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.17:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.18:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.19:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.20:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.21:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.22:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.23:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.24:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.25:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.26:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.27:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.28:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.29:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.30:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.31:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.32:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.33:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.34:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.35:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.36:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.37:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.39:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.43:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.44:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.45:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.46:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.47:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.48:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.49:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.50:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.51:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.52:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.53:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.54:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.55:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.56:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.57:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.58:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.59:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.60:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.61:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.62:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.63:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.64:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.65:::::::*
	cpe:2.3:a:google:chrome:37.0.2062.66:::::::*
cpe:2.3:a:google:chrome:37.0.2062.67:::::::*
cpe:2.3:a:google:chrome:37.0.2062.68:::::::*
cpe:2.3:a:google:chrome:37.0.2062.69:::::::*
cpe:2.3:a:google:chrome:37.0.2062.70:::::::*
cpe:2.3:a:google:chrome:37.0.2062.71:::::::*
cpe:2.3:a:google:chrome:37.0.2062.72:::::::*
cpe:2.3:a:google:chrome:37.0.2062.73:::::::*
cpe:2.3:a:google:chrome:37.0.2062.74:::::::*
cpe:2.3:a:google:chrome:37.0.2062.75:::::::*
cpe:2.3:a:google:chrome:37.0.2062.76:::::::*
cpe:2.3:a:google:chrome:37.0.2062.77:::::::*
cpe:2.3:a:google:chrome:37.0.2062.78:::::::*
cpe:2.3:a:google:chrome:37.0.2062.80:::::::*
cpe:2.3:a:google:chrome:37.0.2062.81:::::::*
cpe:2.3:a:google:chrome:37.0.2062.89:::::::*
cpe:2.3:a:google:chrome:37.0.2062.90:::::::*
cpe:2.3:a:google:chrome:37.0.2062.91:::::::*
cpe:2.3:a:google:chrome:37.0.2062.92:::::::*

History

No history.

Information

Published : 2014-08-27 01:55

Updated : 2025-04-12 10:46

NVD link : CVE-2014-3172

Mitre link : CVE-2014-3172

CVE.ORG link : CVE-2014-3172

JSON object : View

Products Affected

google

chrome

CWE

CWE-264

Permissions, Privileges, and Access Controls

6.4 /10