CVE-2014-7899 - Vulnerability Details - OpenCVE

Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Google	Chrome
Redhat	Rhel Extras

Configuration 1 [-]

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Supplementary for Red Hat Enterprise Linux 6
chromium-browser-0:39.0.2171.65-2.el6_6	cpe:/a:redhat:rhel_extras:6	RHSA-2014:1894	2014-11-24T00:00:00Z

References

Link	Providers
http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html
http://rhn.redhat.com/errata/RHSA-2014-1894.html
http://secunia.com/advisories/60194
http://www.securityfocus.com/bid/71160
http://www.securitytracker.com/id/1031241
https://code.google.com/p/chromium/issues/detail?id=389734
https://exchange.xforce.ibmcloud.com/vulnerabilities/98787
https://nvd.nist.gov/vuln/detail/CVE-2014-7899
https://src.chromium.org/viewvc/chrome?revision=279232&view=revision
https://www.cve.org/CVERecord?id=CVE-2014-7899

History

No history.

MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2014-11-19T11:00:00

Updated: 2024-08-06T13:03:27.525Z

Reserved: 2014-10-06T00:00:00

Link: CVE-2014-7899

Vulnrichment

No data.

NVD

Status : Modified

Published: 2014-11-19T11:59:00.090

Modified: 2024-11-21T02:18:13.743

Link: CVE-2014-7899

Redhat

Severity : Moderate

Publid Date: 2014-11-18T00:00:00Z

Links: CVE-2014-7899 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2014-10-15T00:00:00", "descriptions": [{"lang": "en", "value": "Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T15:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"name": "1031241", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031241"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/chromium/issues/detail?id=389734"}, {"name": "RHSA-2014:1894", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1894.html"}, {"name": "71160", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/71160"}, {"name": "60194", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/60194"}, {"name": "google-chrome-cve20147899-spoofing(98787)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98787"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://src.chromium.org/viewvc/chrome?revision=279232&view=revision"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2014-7899", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1031241", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031241"}, {"name": "https://code.google.com/p/chromium/issues/detail?id=389734", "refsource": "CONFIRM", "url": "https://code.google.com/p/chromium/issues/detail?id=389734"}, {"name": "RHSA-2014:1894", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2014-1894.html"}, {"name": "71160", "refsource": "BID", "url": "http://www.securityfocus.com/bid/71160"}, {"name": "60194", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/60194"}, {"name": "google-chrome-cve20147899-spoofing(98787)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98787"}, {"name": "https://src.chromium.org/viewvc/chrome?revision=279232&view=revision", "refsource": "CONFIRM", "url": "https://src.chromium.org/viewvc/chrome?revision=279232&view=revision"}, {"name": "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T13:03:27.525Z"}, "title": "CVE Program Container", "references": [{"name": "1031241", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1031241"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.google.com/p/chromium/issues/detail?id=389734"}, {"name": "RHSA-2014:1894", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2014-1894.html"}, {"name": "71160", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/71160"}, {"name": "60194", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/60194"}, {"name": "google-chrome-cve20147899-spoofing(98787)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98787"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://src.chromium.org/viewvc/chrome?revision=279232&view=revision"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2014-7899", "datePublished": "2014-11-19T11:00:00", "dateReserved": "2014-10-06T00:00:00", "dateUpdated": "2024-08-06T13:03:27.525Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "49217EEC-AE40-4FBD-A5D4-B4A323CD5645", "versionEndIncluding": "38.0.2125.7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Google Chrome before 38.0.2125.101 allows remote attackers to spoof the address bar by placing a blob: substring at the beginning of the URL, followed by the original URI scheme and a long username string."}, {"lang": "es", "value": "Google Chrome anterior a 38.0.2125.101 permite a atacantes remotos falsificar la barra de direcciones mediante la colocaci\u00f3n de un blob, es decir, una subcadena al principio de la direcci\u00f3n URL, seguido por el esquema original URI y una cadena con un largo nombre de usuario."}], "id": "CVE-2014-7899", "lastModified": "2024-11-21T02:18:13.743", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2014-11-19T11:59:00.090", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://rhn.redhat.com/errata/RHSA-2014-1894.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/60194"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/71160"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securitytracker.com/id/1031241"}, {"source": "chrome-cve-admin@google.com", "url": "https://code.google.com/p/chromium/issues/detail?id=389734"}, {"source": "chrome-cve-admin@google.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98787"}, {"source": "chrome-cve-admin@google.com", "url": "https://src.chromium.org/viewvc/chrome?revision=279232&view=revision"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2014-1894.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/60194"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/71160"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031241"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://code.google.com/p/chromium/issues/detail?id=389734"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98787"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://src.chromium.org/viewvc/chrome?revision=279232&view=revision"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}