CVE-2014-1701

Common Vulnerabilities and Exposures

Upstream information

CVE-2014-1701 at MITRE

Description

The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS (UXSS) attacks via vectors involving events.

NVD CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)

SUSE information

SUSE Bugzilla entry: 866959

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 12.3
  • chromedriver >= 33.0.1750.152-1.33.2
  • chromedriver-debuginfo >= 33.0.1750.152-1.33.2
  • chromium >= 33.0.1750.152-1.33.2
  • chromium-debuginfo >= 33.0.1750.152-1.33.2
  • chromium-debugsource >= 33.0.1750.152-1.33.2
  • chromium-desktop-gnome >= 33.0.1750.152-1.33.2
  • chromium-desktop-kde >= 33.0.1750.152-1.33.2
  • chromium-ffmpegsumo >= 33.0.1750.152-1.33.2
  • chromium-ffmpegsumo-debuginfo >= 33.0.1750.152-1.33.2
  • chromium-suid-helper >= 33.0.1750.152-1.33.2
  • chromium-suid-helper-debuginfo >= 33.0.1750.152-1.33.2
Patchnames:
openSUSE-2014-280
openSUSE 13.1
  • chromedriver >= 33.0.1750.152-25.2
  • chromedriver-debuginfo >= 33.0.1750.152-25.2
  • chromium >= 33.0.1750.152-25.2
  • chromium-debuginfo >= 33.0.1750.152-25.2
  • chromium-debugsource >= 33.0.1750.152-25.2
  • chromium-desktop-gnome >= 33.0.1750.152-25.2
  • chromium-desktop-kde >= 33.0.1750.152-25.2
  • chromium-ffmpegsumo >= 33.0.1750.152-25.2
  • chromium-ffmpegsumo-debuginfo >= 33.0.1750.152-25.2
  • chromium-suid-helper >= 33.0.1750.152-25.2
  • chromium-suid-helper-debuginfo >= 33.0.1750.152-25.2
Patchnames:
openSUSE-2014-280