Published: 21/05/2014 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 385

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome prior to 35.0.1916.114, allows remote malicious users to inject arbitrary web script or HTML via crafted MHTML content, aka "Universal XSS (UXSS)."

Vulnerable Product	Search on Vulmon	Subscribe to Product
google chrome
google chrome 35.0.1916.99
google chrome 35.0.1916.57
google chrome 35.0.1916.3
google chrome 35.0.1916.38
google chrome 35.0.1916.105
google chrome 35.0.1916.95
google chrome 35.0.1916.52
google chrome 35.0.1916.82
google chrome 35.0.1916.42
google chrome 35.0.1916.36
google chrome 35.0.1916.111
google chrome 35.0.1916.61
google chrome 35.0.1916.98
google chrome 35.0.1916.47
google chrome 35.0.1916.110
google chrome 35.0.1916.10
google chrome 35.0.1916.20
google chrome 35.0.1916.85
google chrome 35.0.1916.9
google chrome 35.0.1916.92
google chrome 35.0.1916.23
google chrome 35.0.1916.49
google chrome 35.0.1916.54
google chrome 35.0.1916.106
google chrome 35.0.1916.35
google chrome 35.0.1916.33
google chrome 35.0.1916.5
google chrome 35.0.1916.11
google chrome 35.0.1916.86
google chrome 35.0.1916.17
google chrome 35.0.1916.13
google chrome 35.0.1916.72
google chrome 35.0.1916.109
google chrome 35.0.1916.77
google chrome 35.0.1916.88
google chrome 35.0.1916.59
google chrome 35.0.1916.44
google chrome 35.0.1916.108
google chrome 35.0.1916.74
google chrome 35.0.1916.45
google chrome 35.0.1916.18
google chrome 35.0.1916.107
google chrome 35.0.1916.21
google chrome 35.0.1916.6
google chrome 35.0.1916.71
google chrome 35.0.1916.41
google chrome 35.0.1916.8
google chrome 35.0.1916.4
google chrome 35.0.1916.19
google chrome 35.0.1916.0
google chrome 35.0.1916.40
google chrome 35.0.1916.101
google chrome 35.0.1916.32
google chrome 35.0.1916.51
google chrome 35.0.1916.80
google chrome 35.0.1916.39
google chrome 35.0.1916.43
google chrome 35.0.1916.93
google chrome 35.0.1916.34
google chrome 35.0.1916.37
google chrome 35.0.1916.103
google chrome 35.0.1916.90
google chrome 35.0.1916.68
google chrome 35.0.1916.1
google chrome 35.0.1916.112
google chrome 35.0.1916.27
google chrome 35.0.1916.7
google chrome 35.0.1916.84
google chrome 35.0.1916.46
google chrome 35.0.1916.104
google chrome 35.0.1916.22
google chrome 35.0.1916.69
google chrome 35.0.1916.15
google chrome 35.0.1916.31
google chrome 35.0.1916.96
google chrome 35.0.1916.14
google chrome 35.0.1916.56
google chrome 35.0.1916.2
google chrome 35.0.1916.48

Several vulnerabilities were discovered in the chromium web browser CVE-2014-1743 cloudfuzzer discovered a use-after-free issue in the Blink/Webkit document object model implementation CVE-2014-1744 Aaron Staple discovered an integer overflow issue in audio input handling CVE-2014-1745 Atte Kettunen discovered a use-after-fr ...

CWE-79 http://www.debian.org/security/2014/dsa-2939 http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html http://security.gentoo.org/glsa/glsa-201408-16.xml http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html https://src.chromium.org/viewvc/blink?revision=169499&view=revision http://secunia.com/advisories/59155 http://secunia.com/advisories/58920 http://www.securitytracker.com/id/1030270 https://code.google.com/p/chromium/issues/detail?id=330663 https://www.debian.org/security/./dsa-2939 https://nvd.nist.gov

Get Started

CVE-2014-1747

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect