CVE-2014-3197

Impact:
Moderate
Public Date:
2014-10-07
CWE:
CWE-200
Bugzilla:
1151422: CVE-2014-3197 chromium: information leak in XSS Auditor fixed in Chrome 38.0.2125.101

The MITRE CVE dictionary describes this issue as:

The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site.

Find out more about CVE-2014-3197 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 4.3
Base Metrics AV:N/AC:M/Au:N/C:P/I:N/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux Supplementary (v. 6) (chromium-browser) RHSA-2014:1626 2014-10-14

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 7 webkitgtk3 Not affected
Red Hat Enterprise Linux 6 webkitgtk Not affected

External References

Last Modified

CVE description copyright © 2017, The MITRE Corporation

Close

Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.