CVE-2014-3195

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 38.0.2125.101 Opera versions prior to 25.0.1614.50

Description The issue allows remote attackers to obtain sensitive information via crafted JavaScript code. This is related to improper tracking of JavaScript heap-memory allocations as allocations of uninitialized memory and improper concatenation of arrays of double-precision floating-point numbers. The affected functions include PagedSpace::AllocateRaw and NewSpace::AllocateRaw in heap/spaces-inl.h, LargeObjectSpace::AllocateRaw in heap/spaces.cc, and Runtime ArrayConcat in runtime.cc.

Recommendations For Google Chrome versions prior to 38.0.2125.101, update to version 38.0.2125.101 or later. For Opera versions prior to 25.0.1614.50, update to version 25.0.1614.50 or later. As a temporary workaround, consider restricting the execution of crafted JavaScript code until a patch is available.