PT-2014-1180 · Google+9 · Google Chrome+9

Published

2014-05-20

·

Updated

2025-06-04

·

CVE-2014-1745

CVSS v2.0

7.5

High

VectorAV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 35.0.1916.114
Description The issue is related to a use-after-free vulnerability in the SVG implementation in Blink, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object. This is related to the core/svg/SVGFontFaceElement.cpp file. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.
Recommendations For Google Chrome versions prior to 35.0.1916.114, update to version 35.0.1916.114 or later to resolve the issue. As a temporary workaround, consider disabling the use of SVGFontFaceElement objects until a patch is available. Restrict access to the vulnerable SVG implementation to minimize the risk of exploitation. Avoid using vectors that trigger removal of an SVGFontFaceElement object in the affected API endpoints until the issue is resolved.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

ALSA-2024:2126
ALSA-2024:2982
ALT-PU-2014-1955
BDU:2014-00330
CESA-2024_2982
CVE-2014-1745
DSA-2939-1
DSA-5527-1
DSA-5527-2
INFSA-2024_2126
INFSA-2024_2982
MGASA-2024-0148
OPENSUSE-SU-2024:10171-1
OPENSUSE-SU-2024:12948-1
OPENSUSE-SU-2024_0548-1
RHSA-2024:2126
RHSA-2024:2982
RHSA-2024_2126
RHSA-2024_2982
RHSA-2025:10364
RLSA-2024:2982
SUSE-SU-2024:0519-1
SUSE-SU-2024:0545-1
SUSE-SU-2024:0548-1
SUSE-SU-2024_0519-1
SUSE-SU-2024_0545-1
SUSE-SU-2024_0548-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Debian
Google Chrome
Apple Macos
Red Hat
Rocky Linux
Suse