Vulnerability Details : CVE-2014-1716
Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."
Vulnerability category: Cross site scripting (XSS)
Exploit prediction scoring system (EPSS) score for CVE-2014-1716
Probability of exploitation activity in the next 30 days: 0.57%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 75 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-1716
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2014-1716
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-1716
-
http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html
Chrome Releases: Stable Channel UpdateVendor Advisory
-
https://code.google.com/p/chromium/issues/detail?id=354123
354123 - UXSS with Object.setPrototypeOf - chromium - MonorailPermissions Required
-
http://security.gentoo.org/glsa/glsa-201408-16.xml
Chromium: Multiple vulnerabilities (GLSA 201408-16) — Gentoo security
-
http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html
openSUSE-SU-2014:0601-1: moderate: update for chromiumThird Party Advisory
-
https://code.google.com/p/v8/source/detail?r=20138
v8 - V8 JavaScript Engine - Monorail
-
http://www.debian.org/security/2014/dsa-2905
Debian -- Security Information -- DSA-2905-1 chromium-browserThird Party Advisory
Products affected by CVE-2014-1716
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*