Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-1716

Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."

Related bugs and status

CVE-2014-1716 (Candidate) is related to these bugs:

Bug #1302155: Chromium UI is very large

Summary				In	Importance	Status
	1302155	Chromium UI is very large		chromium-browser (Ubuntu)	Undecided	Fix Released

Bug #1837038: Broken and defunct libv8-3.14 urgently needs removal

Summary				In	Importance	Status
	1837038	Broken and defunct libv8-3.14 urgently needs removal		libv8-3.14 (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://googlechromerel...
CONFIRM: https://code.google.co...
CONFIRM: https://code.google.co...
DEBIAN: DSA-2905
SUSE: openSUSE-SU-2014:0601
GENTOO: GLSA-201408-16