CVE-2014-1730

Description

Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.

Predictions

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

References

• http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
• http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html
• http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html
• http://secunia.com/advisories/58301
• http://secunia.com/advisories/60372
• http://security.gentoo.org/glsa/glsa-201408-16.xml
• http://www.debian.org/security/2014/dsa-2920
• https://code.google.com/p/chromium/issues/detail?id=354967
• https://code.google.com/p/v8/source/detail?r=20375
• https://code.google.com/p/v8/source/detail?r=20377
• https://code.google.com/p/v8/source/detail?r=20388
• https://code.google.com/p/v8/source/detail?r=20593
• https://code.google.com/p/v8/source/detail?r=20595
• http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
• http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html
• http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html
• http://secunia.com/advisories/58301
• http://secunia.com/advisories/60372
• http://security.gentoo.org/glsa/glsa-201408-16.xml
• http://www.debian.org/security/2014/dsa-2920
• https://code.google.com/p/chromium/issues/detail?id=354967
• https://code.google.com/p/v8/source/detail?r=20375
• https://code.google.com/p/v8/source/detail?r=20377
• https://code.google.com/p/v8/source/detail?r=20388
• https://code.google.com/p/v8/source/detail?r=20593

CWEs

CWE-843