Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2014-3160

The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file.

Related bugs and status

CVE-2014-3160 (Candidate) is related to these bugs:

Bug #1331375: Update Chromium to >= 36.0.1985.125 (including security fixes)

Summary				In	Importance	Status
	1331375	Update Chromium to >= 36.0.1985.125 (including security fixes)		chromium-browser (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://googlechromerel...
CONFIRM: https://code.google.co...
DEBIAN: DSA-3039
GENTOO: GLSA-201408-16
BID: 68677
SECUNIA: 60372
SECUNIA: 60061
CONFIRM: https://src.chromium.o...