CVE-2014-3803

Published: 21 May 2014

The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute.

Priority

Status

Package	Release	Status
chromium-browser Launchpad, Ubuntu, Debian	lucid	Ignored (end of life)
	precise	Released (36.0.1985.125-0ubuntu1.12.04.0~pkg897)
	saucy	Ignored (end of life)
	trusty	Released (36.0.1985.125-0ubuntu1.14.04.0~pkg1029)
	upstream	Released (35.0.1916.114)
oxide-qt Launchpad, Ubuntu, Debian	lucid	Does not exist
	precise	Does not exist
	saucy	Does not exist
	trusty	Released (1.0.4-0ubuntu0.14.04.1)
	upstream	Released (1.0.4)

References

https://src.chromium.org/viewvc/blink?revision=171373&view=revision
https://code.google.com/p/chromium/issues/detail?id=360448
http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html
http://blog.guya.net/2014/04/07/to-listen-without-consent-abusing-the-html5-speech/
https://ubuntu.com/security/notices/USN-2298-1
https://www.cve.org/CVERecord?id=CVE-2014-3803
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.