CVE-2014-1730

high

Description

Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.

References

https://code.google.com/p/v8/source/detail?r=20595

https://code.google.com/p/v8/source/detail?r=20593

https://code.google.com/p/v8/source/detail?r=20388

https://code.google.com/p/v8/source/detail?r=20377

https://code.google.com/p/v8/source/detail?r=20375

https://code.google.com/p/chromium/issues/detail?id=354967

http://www.debian.org/security/2014/dsa-2920

http://security.gentoo.org/glsa/glsa-201408-16.xml

http://secunia.com/advisories/60372

http://secunia.com/advisories/58301

http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html

http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html

http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html

Details

Source: Mitre, NVD

Published: 2014-04-26

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High