Launchpad CVE tracker

CVE 2014-3166

The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names.

Related bugs and status

CVE-2014-3166 (Candidate) is related to these bugs:

Bug #513745: pdf documents (probably other mimetypes too) not opened by chromium-browser

Summary				In	Importance	Status
	513745	pdf documents (probably other mimetypes too) not opened by chromium-browser		chromium-browser (Ubuntu)	Undecided	Fix Released
	513745	pdf documents (probably other mimetypes too) not opened by chromium-browser		Chromium Browser	Unknown	Unknown

Bug #1009902: auto-open pdf files is impossible because of security warnings

Summary				In	Importance	Status
	1009902	auto-open pdf files is impossible because of security warnings		chromium-browser (Ubuntu)	Undecided	Fix Released

Bug #1353185: Chromium 36 upgrade will not execute

Summary				In	Importance	Status
	1353185	Chromium 36 upgrade will not execute		chromium-browser (Ubuntu)	Undecided	Fix Released

Bug #1360505: Security fixes from 36.0.1985.143 and 37.0.2062.94

Summary				In	Importance	Status
	1360505	Security fixes from 36.0.1985.143 and 37.0.2062.94		chromium-browser (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-3166

References