Google.Chrome.Prior.to.36.0.1985.125.Multiple.Vulnerabilities
Description
Google Chrome is a Web browser for multiple platforms.
The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file. (CVE-2014-3160)
Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2014-3162)
Affected Products
Google Chrome Prior to 36.0.1985.125
Impact
This vulnerability could allow an attacker to execute malicious code on a vulnerable system.
Recommended Actions
Please download and apply patches as instructed in http://googlechromereleases.blogspot.dk/2014/07/stable-channel-update.html.
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |