Vulnerability Details : CVE-2014-3803
The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute.
Vulnerability category: Information leak
Exploit prediction scoring system (EPSS) score for CVE-2014-3803
Probability of exploitation activity in the next 30 days: 2.61%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 89 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2014-3803
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2014-3803
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-3803
-
http://blog.guya.net/2014/04/07/to-listen-without-consent-abusing-the-html5-speech/
To Listen Without Consent – Abusing the HTML5 SpeechExploit
-
http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html
Chrome Releases: Stable Channel UpdateVendor Advisory
-
http://www.securityfocus.com/bid/67582
Google Chrome CVE-2014-3803 Information Disclosure VulnerabilityThird Party Advisory;VDB Entry
-
https://code.google.com/p/chromium/issues/detail?id=360448
360448 - Eavesdrop on the user speech - abusing the old speech API - chromium - MonorailExploit
-
https://src.chromium.org/viewvc/blink?revision=171373&view=revision
[blink] Revision 171373Vendor Advisory
-
http://secunia.com/advisories/60372
Sign in
Products affected by CVE-2014-3803
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.10:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.101:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.11:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.110:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.17:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.18:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.27:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.3:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.38:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.39:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.45:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.46:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.54:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.56:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.71:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.0:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.1:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.108:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.109:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.14:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.15:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.22:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.23:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.36:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.37:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.43:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.44:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.51:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.52:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.69:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.7:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.82:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.84:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.93:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.95:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.103:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.104:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.111:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.112:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.19:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.2:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.31:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.32:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.4:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.40:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.47:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.48:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.57:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.59:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.6:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.74:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.77:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.88:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.9:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.72:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.85:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.86:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.96:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.98:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.99:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.105:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.106:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.107:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.13:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.20:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.21:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.33:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.34:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.35:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.41:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.42:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.49:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.5:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.61:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.68:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.8:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.80:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.90:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:35.0.1916.92:*:*:*:*:*:*:*