CVE-2014-7924

Upstream information

CVE-2014-7924 at MITRE

Description

Use-after-free vulnerability in the IndexedDB implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering duplicate BLOB references, related to content/browser/indexed_db/indexed_db_callbacks.cc and content/browser/indexed_db/indexed_db_dispatcher_host.cc.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	5
Vector	AV:N/AC:L/Au:N/C:N/I:N/A:P
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	None
Integrity Impact	None
Availability Impact	Partial

SUSE Bugzilla entry: 914468 [RESOLVED]

SUSE Security Advisories:

openSUSE-SU-2015:0441-1, published Fri, 6 Mar 2015 13:04:51 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Leap 15.0	`chromium >= 66.0.3359.170-lp150.1.1`	Patchnames: openSUSE Leap 15.0 GA chromium
openSUSE Tumbleweed	`chromedriver >= 55.0.2883.75-3.1` `chromium >= 55.0.2883.75-3.1`	Patchnames: openSUSE Tumbleweed GA chromedriver

CVE-2014-7924

Common Vulnerabilities and Exposures

Upstream information

Description

SUSE information

List of released packages

SUSE Linux Enterprise

SUSE Rancher

Solutions

Industries

Support

Services

Resources

Partners

Communities

About