Endpoint Vulnerability

Security Vulnerability CVE-2014-1725 for Google Chrome

Description

The base64DecodeInternal function in wtf/text/Base64.cpp in Blink, as used in Google Chrome before 34.0.1847.116, does not properly handle string data composed exclusively of whitespace characters, which allows remote attackers to cause a denial of service (out-of-bounds read) via a window.atob method call.

Affected Products

Google Chrome

References

CVE-2014-1725,