CVE-2014-3172
Published: 27 August 2014
The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL.
Priority
Status
Package | Release | Status |
---|---|---|
chromium-browser Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Released
(37.0.2062.94-0ubuntu0.12.04.1~pkg909)
|
|
trusty |
Released
(37.0.2062.94-0ubuntu0.14.04.1~pkg1042)
|
|
upstream |
Released
(37.0.2062.94)
|
|
oxide-qt Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
trusty |
Does not exist
(trusty was not-affected)
|
|
upstream |
Not vulnerable
|