||Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended access restrictions via a crafted web site.
|Base: ||5.0 (as of 19-11-2014 - 11:52)|
Embedding Scripts within Scripts
An attack of this type exploits a program's vulnerabilities that are brought on by allowing remote hosts to execute scripts. The attacker leverages this capability to execute his/her own script by embedding it within other scripts that the target software is likely to execute. The attacker must have the ability to inject script into a script that is likely to be executed. If this is done, then the attacker can potentially launch a variety of probes and attacks against the web server's local environment, in many cases the so-called DMZ, back-end resources the web server can communicate with, and other hosts.
With the proliferation of intermediaries, such as Web App Firewalls, network devices, and even printers having JVMs and Web servers, there are many locales where an attacker can inject malicious scripts. Since this attack pattern defines scripts within scripts, there are likely privileges to execute said attack on the host.
Signature Spoofing by Key Theft
An attacker obtains an authoritative or reputable signer's private signature key by theft and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
|NASL family||SuSE Local Security Checks |
|NASL id||OPENSUSE-2014-764.NASL |
|description||chromium was updated to version 39.0.2171.65 to fix 13 security issues.
These security issues were fixed :
- Use-after-free in pepper plugins (CVE-2014-7906).
- Buffer overflow in OpenJPEG before r2911 in PDFium, as used in Google Chrome before 39.0.2171.65, al...
- Uninitialized memory read in Skia (CVE-2014-7909).
- Unspecified security issues (CVE-2014-7910).
- Integer overflow in media (CVE-2014-7908).
- Integer overflow in the opj_t2_read_packet_data function in fxcodec/fx_libopenjpeg/libopenjpeg20/t2....
- Use-after-free in blink (CVE-2014-7907).
- Address bar spoofing (CVE-2014-7899).
- Buffer overflow in Skia (CVE-2014-7904).
- Use-after-free vulnerability in the CPDF_Parser (CVE-2014-7900).
- Use-after-free vulnerability in PDFium allows DoS (CVE-2014-7902).
- Flaw allowing navigation to intents that do not have the BROWSABLE category (CVE-2014-7905).
- Double-free in Flash (CVE-2014-0574). |
|last seen||2019-02-21 |
|plugin id||79997 |
|title||openSUSE Security Update : chromium (openSUSE-SU-2014:1626-1) |
|NASL family||FreeBSD Local Security Checks |
|NASL id||FREEBSD_PKG_D395E44F6F4F11E4A44400262D5ED8EE.NASL |
|description||Google Chrome Releases reports :
42 security fixes in this release, including :
-  High CVE-2014-7899: Address bar spoofing. Credit to Eli Grey.
-  High CVE-2014-7900: Use-after-free in pdfium. Credit to Atte Kettunen from OUSPG.
-  High CVE-2014-7901: Integer overflow in pdfium. Credit to cloudfuzzer.
-  High CVE-2014-7902: Use-after-free in pdfium. Credit to cloudfuzzer.
-  High CVE-2014-7903: Buffer overflow in pdfium. Credit to cloudfuzzer.
-  High CVE-2014-7904: Buffer overflow in Skia. Credit to Atte Kettunen from OUSPG.
-  High CVE-2014-7905: Flaw allowing navigation to intents that do not have the BROWSABLE category. Credit to WangTao(neobyte) of Baidu X-Team.
-  High CVE-2014-7906: Use-after-free in pepper plugins. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.
-  High CVE-2014-0574: Double-free in Flash. Credit to biloulehibou.
-  High CVE-2014-7907: Use-after-free in blink. Credit to Chen Zhang (demi6od) of the NSFOCUS Security Team.
-  High CVE-2014-7908: Integer overflow in media. Credit to Christoph Diehl.
-  Medium CVE-2014-7909: Uninitialized memory read in Skia. Credit to miaubiz.
- CVE-2014-7910: Various fixes from internal audits, fuzzing and other initiatives. |
|last seen||2019-02-21 |
|plugin id||79320 |
|title||FreeBSD : chromium -- multiple vulnerabilities (d395e44f-6f4f-11e4-a444-00262d5ed8ee) |
|Last major update
||06-01-2017 - 22:00
||19-11-2014 - 06:59
||07-09-2017 - 21:29