CVE-2014-3188
Publication date 8 October 2014
Last updated 24 July 2024
Ubuntu priority
Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| chromium-browser | ||
| 18.04 LTS bionic |
Fixed 38.0.2125.111-0ubuntu1.1103
|
|
| 16.04 LTS xenial |
Fixed 38.0.2125.111-0ubuntu1.1103
|
|
| 14.04 LTS trusty |
Fixed 38.0.2125.111-0ubuntu0.14.04.1.1061
|
|
| libv8 | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| libv8-3.14 | ||
| 18.04 LTS bionic | Ignored libv8 not supported | |
| 16.04 LTS xenial | Ignored libv8 not supported | |
| 14.04 LTS trusty | Not in release | |
| oxide-qt | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial |
Fixed 1.2.5-0ubuntu1
|
|
| 14.04 LTS trusty |
Fixed 1.2.5-0ubuntu0.14.10.1
|
|
Notes
seth-arnold
I didn't find a json-parser.h or ParseJsonObject via codesearch
mikesalvatore
The Ubuntu Security Team does not support libv8
References
Related Ubuntu Security Notices (USN)
- USN-2345-1
- Oxide vulnerabilities
- 14 October 2014