The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Chrome
Published: 2014-07-20T10:00:00
Updated: 2024-08-06T10:35:56.778Z
Reserved: 2014-05-03T00:00:00
Link: CVE-2014-3160
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-07-20T11:12:50.243
Modified: 2023-11-07T02:19:47.483
Link: CVE-2014-3160
Redhat
No data.