CVE-2014-1730

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-1730
Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.

7.8 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 10.0 / Impact : 6.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html
http://secunia.com/advisories/58301
http://secunia.com/advisories/60372
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://www.debian.org/security/2014/dsa-2920
https://code.google.com/p/chromium/issues/detail?id=354967
https://code.google.com/p/v8/source/detail?r=20375
https://code.google.com/p/v8/source/detail?r=20377
https://code.google.com/p/v8/source/detail?r=20388
https://code.google.com/p/v8/source/detail?r=20593
https://code.google.com/p/v8/source/detail?r=20595
http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html
http://secunia.com/advisories/58301
http://secunia.com/advisories/60372
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://www.debian.org/security/2014/dsa-2920
https://code.google.com/p/chromium/issues/detail?id=354967
https://code.google.com/p/v8/source/detail?r=20375
https://code.google.com/p/v8/source/detail?r=20377
https://code.google.com/p/v8/source/detail?r=20388
https://code.google.com/p/v8/source/detail?r=20593
https://code.google.com/p/v8/source/detail?r=20595
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
OR cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
History

21 Nov 2024, 02:04

Type Values Removed Values Added
References () http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html - () http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html -
References () http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html - () http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html -
References () http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html - () http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html -
References () http://secunia.com/advisories/58301 - () http://secunia.com/advisories/58301 -
References () http://secunia.com/advisories/60372 - () http://secunia.com/advisories/60372 -
References () http://security.gentoo.org/glsa/glsa-201408-16.xml - () http://security.gentoo.org/glsa/glsa-201408-16.xml -
References () http://www.debian.org/security/2014/dsa-2920 - () http://www.debian.org/security/2014/dsa-2920 -
References () https://code.google.com/p/chromium/issues/detail?id=354967 - () https://code.google.com/p/chromium/issues/detail?id=354967 -
References () https://code.google.com/p/v8/source/detail?r=20375 - () https://code.google.com/p/v8/source/detail?r=20375 -
References () https://code.google.com/p/v8/source/detail?r=20377 - () https://code.google.com/p/v8/source/detail?r=20377 -
References () https://code.google.com/p/v8/source/detail?r=20388 - () https://code.google.com/p/v8/source/detail?r=20388 -
References () https://code.google.com/p/v8/source/detail?r=20593 - () https://code.google.com/p/v8/source/detail?r=20593 -
References () https://code.google.com/p/v8/source/detail?r=20595 - () https://code.google.com/p/v8/source/detail?r=20595 -

07 Nov 2023, 02:19

Type Values Removed Values Added
References (CONFIRM) http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html - Broken Link, Release Notes, Vendor Advisory () http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html -
References (DEBIAN) http://www.debian.org/security/2014/dsa-2920 - Third Party Advisory () http://www.debian.org/security/2014/dsa-2920 -
References (CONFIRM) https://code.google.com/p/v8/source/detail?r=20595 - Vendor Advisory () https://code.google.com/p/v8/source/detail?r=20595 -
References (SUSE) http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html - Broken Link () http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html -
References (CONFIRM) https://code.google.com/p/v8/source/detail?r=20377 - Vendor Advisory () https://code.google.com/p/v8/source/detail?r=20377 -
References (SECUNIA) http://secunia.com/advisories/58301 - Broken Link, Vendor Advisory () http://secunia.com/advisories/58301 -
References (SUSE) http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html - Broken Link () http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html -
References (CONFIRM) https://code.google.com/p/v8/source/detail?r=20593 - Vendor Advisory () https://code.google.com/p/v8/source/detail?r=20593 -
References (CONFIRM) https://code.google.com/p/chromium/issues/detail?id=354967 - Permissions Required () https://code.google.com/p/chromium/issues/detail?id=354967 -
References (SECUNIA) http://secunia.com/advisories/60372 - Broken Link () http://secunia.com/advisories/60372 -
References (CONFIRM) https://code.google.com/p/v8/source/detail?r=20388 - Vendor Advisory () https://code.google.com/p/v8/source/detail?r=20388 -
References (CONFIRM) https://code.google.com/p/v8/source/detail?r=20375 - Vendor Advisory () https://code.google.com/p/v8/source/detail?r=20375 -
References (GENTOO) http://security.gentoo.org/glsa/glsa-201408-16.xml - Third Party Advisory () http://security.gentoo.org/glsa/glsa-201408-16.xml -
Information

Published : 2014-04-26 10:55

Updated : 2025-04-12 10:46

NVD link : CVE-2014-1730

Mitre link : CVE-2014-1730

CVE.ORG link : CVE-2014-1730

JSON object : View

Products Affected

apple

  • mac_os_x

linux

  • linux_kernel

microsoft

  • windows

google

  • chrome
CWE
CWE-843

Access of Resource Using Incompatible Type ('Type Confusion')