CVE-2014-3197

{"id": "CVE-2014-3197", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-10-08T10:55:06.690", "references": [{"url": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html", "source": "chrome-cve-admin@google.com"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-1626.html", "source": "chrome-cve-admin@google.com"}, {"url": "http://www.securityfocus.com/bid/70273", "source": "chrome-cve-admin@google.com"}, {"url": "https://crbug.com/396544", "source": "chrome-cve-admin@google.com"}, {"url": "https://src.chromium.org/viewvc/blink?revision=179240&view=revision", "source": "chrome-cve-admin@google.com"}, {"url": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://rhn.redhat.com/errata/RHSA-2014-1626.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/70273", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://crbug.com/396544", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://src.chromium.org/viewvc/blink?revision=179240&view=revision", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site."}, {"lang": "es", "value": "La funci\u00f3n NavigationScheduler::schedulePageBlock en core/loader/NavigationScheduler.cpp en Blink, utilizado en Google Chrome anterior a 38.0.2125.101, no proporciona debidamente los datos de sustituci\u00f3n para las p\u00e1ginas bloqueadas por el auditor de XSS, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un sitio web manipulado."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49217EEC-AE40-4FBD-A5D4-B4A323CD5645", "versionEndIncluding": "38.0.2125.7"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8C6E104-EDBC-481E-85B8-D39ED2058D39"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4B74C62D-4A6D-4A4F-ADF6-A508322CD447"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "04A2B180-08EF-4BE1-B1F2-48782874D6DB"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6E89B38A-3697-46DD-BB3F-E8D2373588BE"}], "operator": "OR"}]}], "sourceIdentifier": "chrome-cve-admin@google.com"}