CVE-2014-3170

Published: 27 August 2014

extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does not prevent use of a '\0' character in a host name, which allows remote attackers to spoof the extension permission dialog by relying on truncation after this character.

Priority

Medium

Status

Package Release Status
chromium-browser
Launchpad, Ubuntu, Debian
Upstream
Released (37.0.2062.94)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [37.0.2062.94-0ubuntu0.14.04.1~pkg1042])
oxide-qt
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was not-affected)