Google.Chrome.Prior.to.36.0.1985.125.Multiple.Vulnerabilities

description-logoDescription

Google Chrome is a Web browser for multiple platforms.
The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file. (CVE-2014-3160)
Multiple unspecified vulnerabilities in Google Chrome before 36.0.1985.125 allow attackers to cause a denial of service or possibly have other impact via unknown vectors. (CVE-2014-3162)

affected-products-logoAffected Products

Google Chrome Prior to 36.0.1985.125

Impact logoImpact

This vulnerability could allow an attacker to execute malicious code on a vulnerable system.

recomended-action-logoRecommended Actions

Please download and apply patches as instructed in http://googlechromereleases.blogspot.dk/2014/07/stable-channel-update.html.

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)