ID CVE-2014-7905
Summary Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended access restrictions via a crafted web site.
References
Vulnerable Configurations
  • cpe:2.3:a:google:chrome:39.0.2171.45:-:-:-:-:android
    cpe:2.3:a:google:chrome:39.0.2171.45:-:-:-:-:android
CVSS
Base: 5.0 (as of 19-11-2014 - 11:52)
Impact:
Exploitability:
CWE CWE-284
CAPEC
  • Embedding Scripts within Scripts
    An attack of this type exploits a programs' vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute scripts to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back end resources the web server can communicate with, and other hosts. With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host. Of course, these attacks are not solely limited to the server side, client side scripts like Ajax and client side JavaScript can contain malicious scripts as well. In general all that is required is for there to be sufficient privileges to execute a script, but not protected against writing.
  • Signature Spoofing by Key Theft
    An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE PARTIAL NONE
nessus via4
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2014-764.NASL
    description chromium was updated to version 39.0.2171.65 to fix 13 security issues. These security issues were fixed : - Use-after-free in pepper plugins (CVE-2014-7906). - Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chromebefore 39.0.2171.65, al... (CVE-2014-7903). - Uninitialized memory read in Skia (CVE-2014-7909). - Unspecified security issues (CVE-2014-7910). - Integer overflow in media (CVE-2014-7908). - Integer overflow in the opj_t2_read_packet_data function infxcodec/fx_libopenjpeg/libopenjpeg20/t2.... (CVE-2014-7901). - Use-after-free in blink (CVE-2014-7907). - Address bar spoofing (CVE-2014-7899). - Buffer overflow in Skia (CVE-2014-7904). - Use-after-free vulnerability in the CPDF_Parser (CVE-2014-7900). - Use-after-free vulnerability in PDFium allows DoS (CVE-2014-7902). - Flaw allowing navigation to intents that do not have the BROWSABLE category (CVE-2014-7905). - Double-free in Flash (CVE-2014-0574).
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79997
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79997
    title openSUSE Security Update : chromium (openSUSE-SU-2014:1626-1)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_D395E44F6F4F11E4A44400262D5ED8EE.NASL
    description Google Chrome Releases reports : 42 security fixes in this release, including : - [389734] High CVE-2014-7899: Address bar spoofing. Credit to Eli Grey. - [406868] High CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen from OUSPG. - [413375] High CVE-2014-7901: Integer overflow in pdfium. Credit to cloudfuzzer. - [414504] High CVE-2014-7902: Use-after-free in pdfium. Credit to cloudfuzzer. - [414525] High CVE-2014-7903: Buffer overflow in pdfium. Credit to cloudfuzzer. - [418161] High CVE-2014-7904: Buffer overflow in Skia. Credit to Atte Kettunen from OUSPG. - [421817] High CVE-2014-7905: Flaw allowing navigation to intents that do not have the BROWSABLE category. Credit to WangTao(neobyte) of Baidu X-Team. - [423030] High CVE-2014-7906: Use-after-free in pepper plugins. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team. - [423703] High CVE-2014-0574: Double-free in Flash. Credit to biloulehibou. - [424453] High CVE-2014-7907: Use-after-free in blink. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team. - [425980] High CVE-2014-7908: Integer overflow in media. Credit to Christoph Diehl. - [391001] Medium CVE-2014-7909: Uninitialized memory read in Skia. Credit to miaubiz. - CVE-2014-7910: Various fixes from internal audits, fuzzing and other initiatives.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 79320
    published 2014-11-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79320
    title FreeBSD : chromium -- multiple vulnerabilities (d395e44f-6f4f-11e4-a444-00262d5ed8ee)
refmap via4
bid 71162
confirm
sectrack 1031241
xf google-chrome-cve20147905-unspec(98793)
Last major update 06-01-2017 - 22:00
Published 19-11-2014 - 06:59
Last modified 07-09-2017 - 21:29
Back to Top