Upstream information
Description
Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.SUSE information
Overall state of this security issue: Resolved
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 7.8 |
Vector | AV:N/AC:L/Au:N/C:C/I:N/A:N |
Access Vector | Network |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | Complete |
Integrity Impact | None |
Availability Impact | None |
SUSE Security Advisories:
- openSUSE-SU-2014:0668-1, published Fri, 16 May 2014 15:04:15 +0200 (CEST)
- openSUSE-SU-2014:0669-1, published Fri, 16 May 2014 16:04:35 +0200 (CEST)
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
openSUSE Leap 15.0 |
| Patchnames: openSUSE Leap 15.0 GA chromium-66.0.3359.170-lp150.1.1 |
openSUSE Tumbleweed |
| Patchnames: openSUSE Tumbleweed GA chromedriver-55.0.2883.75-3.1 openSUSE Tumbleweed GA libv8-5-5.3.171-4.1 openSUSE Tumbleweed GA ungoogled-chromium-113.0.5672.92-1.1 |
SUSE Timeline for this CVE
CVE page created: Thu Mar 8 11:25:03 2012CVE page last modified: Mon May 22 00:31:18 2023