CVE-2014-3197 - OpenCVE

The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Chrome
Redhat	Enterprise Linux Desktop Supplementary Enterprise Linux Server Supplementary Enterprise Linux Server Supplementary Eus Enterprise Linux Workstation Supplementary Rhel Extras

Configuration 1 [-]

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:::::::*

Package	CPE	Advisory	Released Date
Supplementary for Red Hat Enterprise Linux 6
chromium-browser-0:38.0.2125.101-2.el6_6	cpe:/a:redhat:rhel_extras:6	RHSA-2014:1626	2014-10-14T00:00:00Z

References

Link	Providers
http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html
http://rhn.redhat.com/errata/RHSA-2014-1626.html
http://www.securityfocus.com/bid/70273
https://crbug.com/396544
https://nvd.nist.gov/vuln/detail/CVE-2014-3197
https://src.chromium.org/viewvc/blink?revision=179240&view=revision
https://www.cve.org/CVERecord?id=CVE-2014-3197

History

No history.

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2014-10-08T10:00:00

Updated: 2024-08-06T10:35:57.081Z

Reserved: 2014-05-03T00:00:00

Link: CVE-2014-3197

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-10-08T10:55:06.690

Modified: 2023-11-07T02:20:02.773

Link: CVE-2014-3197

Redhat

Severity : Moderate

Publid Date: 2014-10-07T00:00:00Z

Links: CVE-2014-3197 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-10-07T00:00:00", "descriptions": [{"lang": "en", "value": "The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-11-25T19:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"name": "RHSA-2014:1626", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1626.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://crbug.com/396544"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://src.chromium.org/viewvc/blink?revision=179240&view=revision"}, {"name": "70273", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/70273"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2014-3197", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2014:1626", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1626.html"}, {"name": "https://crbug.com/396544", "refsource": "CONFIRM", "url": "https://crbug.com/396544"}, {"name": "https://src.chromium.org/viewvc/blink?revision=179240&view=revision", "refsource": "CONFIRM", "url": "https://src.chromium.org/viewvc/blink?revision=179240&view=revision"}, {"name": "70273", "refsource": "BID", "url": "http://www.securityfocus.com/bid/70273"}, {"name": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T10:35:57.081Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2014:1626", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1626.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://crbug.com/396544"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://src.chromium.org/viewvc/blink?revision=179240&view=revision"}, {"name": "70273", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/70273"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2014-3197", "datePublished": "2014-10-08T10:00:00", "dateReserved": "2014-05-03T00:00:00", "dateUpdated": "2024-08-06T10:35:57.081Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "49217EEC-AE40-4FBD-A5D4-B4A323CD5645", "versionEndIncluding": "38.0.2125.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "B8C6E104-EDBC-481E-85B8-D39ED2058D39", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "4B74C62D-4A6D-4A4F-ADF6-A508322CD447", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:*", "matchCriteriaId": "04A2B180-08EF-4BE1-B1F2-48782874D6DB", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "6E89B38A-3697-46DD-BB3F-E8D2373588BE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site."}, {"lang": "es", "value": "La funci\u00f3n NavigationScheduler::schedulePageBlock en core/loader/NavigationScheduler.cpp en Blink, utilizado en Google Chrome anterior a 38.0.2125.101, no proporciona debidamente los datos de sustituci\u00f3n para las p\u00e1ginas bloqueadas por el auditor de XSS, lo que permite a atacantes remotos obtener informaci\u00f3n sensible a trav\u00e9s de un sitio web manipulado."}], "id": "CVE-2014-3197", "lastModified": "2023-11-07T02:20:02.773", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-10-08T10:55:06.690", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1626.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/70273"}, {"source": "chrome-cve-admin@google.com", "url": "https://crbug.com/396544"}, {"source": "chrome-cve-admin@google.com", "url": "https://src.chromium.org/viewvc/blink?revision=179240&view=revision"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}