PT-2014-1073 · Google+1 · Google Chrome+1

Publicado

2014-05-20

·

Atualizado

2024-06-15

·

CVE-2014-1747

CVSS v2.0

4.3

Média

VetorAV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 35.0.1916.114
Description A cross-site scripting (XSS) issue exists in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, allowing remote attackers to inject arbitrary web script or HTML via crafted MHTML content. This issue is also known as "Universal XSS (UXSS)".
Recommendations For versions prior to 35.0.1916.114, update to version 35.0.1916.114 or later to resolve the issue. As a temporary workaround, consider restricting the use of MHTML content until a patch is applied.

Exploit

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

ALSA-2024_2126
ALT-PU-2014-1955
BDU:2014-00155
CVE-2014-1747
DSA-2939-1
OPENSUSE-SU-2024:10171-1
OPENSUSE-SU-2024:12948-1

Produtos afetados

Alt Linux
Google Chrome