CVE-2014-1730 : Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not

Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.

Published 2014-04-26 10:55:05

Updated 2022-11-10 17:58:26

Source Google Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2014-1730

Probability of exploitation activity in the next 30 days: 0.48%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 75 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2014-1730

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.8	HIGH	AV:N/AC:L/Au:N/C:C/I:N/A:N	10.0	6.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: None Availability Impact: None

CWE ids for CVE-2014-1730

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-1730

http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html

openSUSE-SU-2014:0668-1: moderate: update for chromium
Broken Link

CVEs referencing this url
http://security.gentoo.org/glsa/glsa-201408-16.xml

Chromium: Multiple vulnerabilities (GLSA 201408-16) — Gentoo security
Third Party Advisory

CVEs referencing this url
https://code.google.com/p/chromium/issues/detail?id=354967

Inloggen - Google Accounts
Permissions Required
https://code.google.com/p/v8/source/detail?r=20375

v8 - V8 JavaScript Engine - Monorail
Vendor Advisory
http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html

openSUSE-SU-2014:0669-1: moderate: update for chromium
Broken Link

CVEs referencing this url
http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html

Chrome Releases: Stable Channel Update
Broken Link;Release Notes;Vendor Advisory

CVEs referencing this url
https://code.google.com/p/v8/source/detail?r=20388

v8 - V8 JavaScript Engine - Monorail
Vendor Advisory
https://code.google.com/p/v8/source/detail?r=20595

v8 - V8 JavaScript Engine - Monorail
Vendor Advisory
http://www.debian.org/security/2014/dsa-2920

Debian -- Security Information -- DSA-2920-1 chromium-browser
Third Party Advisory

CVEs referencing this url
https://code.google.com/p/v8/source/detail?r=20377

v8 - V8 JavaScript Engine - Monorail
Vendor Advisory
http://secunia.com/advisories/60372

Sign in
Broken Link

CVEs referencing this url
https://code.google.com/p/v8/source/detail?r=20593

v8 - V8 JavaScript Engine - Monorail
Vendor Advisory

Products affected by CVE-2014-1730

Google » Chrome
Versions before (<) 34.0.1847.131
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions
When used together with: Apple » Mac Os X » Version: N/A
When used together with: Microsoft » Windows » Version: N/A
Google » Chrome
Versions before (<) 34.0.1847.132
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Linux Kernel » Version: N/A

Vulnerability Details : CVE-2014-1730

Exploit prediction scoring system (EPSS) score for CVE-2014-1730

CVSS scores for CVE-2014-1730

CWE ids for CVE-2014-1730

References for CVE-2014-1730

Products affected by CVE-2014-1730