CVE-2014-3160

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 36.0.1985.125

Description The issue is related to the ResourceFetcher::canRequest function in Blink, which does not properly restrict subresource requests associated with SVG files. This allows remote attackers to bypass the Same Origin Policy via a crafted file. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions prior to 36.0.1985.125, update to version 36.0.1985.125 or later to resolve the issue. As a temporary workaround, consider restricting access to SVG files to minimize the risk of exploitation. Avoid using the ResourceFetcher::canRequest function until the issue is resolved.