Published: 21/05/2014 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome prior to 35.0.1916.114, allows remote malicious users to spoof the UI by extending scrollbar painting into the parent frame.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google chrome
google chrome 35.0.1916.99
google chrome 35.0.1916.57
google chrome 35.0.1916.3
google chrome 35.0.1916.38
google chrome 35.0.1916.105
google chrome 35.0.1916.95
google chrome 35.0.1916.52
google chrome 35.0.1916.82
google chrome 35.0.1916.42
google chrome 35.0.1916.36
google chrome 35.0.1916.111
google chrome 35.0.1916.61
google chrome 35.0.1916.98
google chrome 35.0.1916.47
google chrome 35.0.1916.110
google chrome 35.0.1916.10
google chrome 35.0.1916.20
google chrome 35.0.1916.85
google chrome 35.0.1916.9
google chrome 35.0.1916.92
google chrome 35.0.1916.23
google chrome 35.0.1916.49
google chrome 35.0.1916.54
google chrome 35.0.1916.106
google chrome 35.0.1916.35
google chrome 35.0.1916.33
google chrome 35.0.1916.5
google chrome 35.0.1916.11
google chrome 35.0.1916.86
google chrome 35.0.1916.17
google chrome 35.0.1916.13
google chrome 35.0.1916.72
google chrome 35.0.1916.109
google chrome 35.0.1916.77
google chrome 35.0.1916.88
google chrome 35.0.1916.59
google chrome 35.0.1916.44
google chrome 35.0.1916.108
google chrome 35.0.1916.74
google chrome 35.0.1916.45
google chrome 35.0.1916.18
google chrome 35.0.1916.107
google chrome 35.0.1916.21
google chrome 35.0.1916.6
google chrome 35.0.1916.71
google chrome 35.0.1916.41
google chrome 35.0.1916.8
google chrome 35.0.1916.4
google chrome 35.0.1916.19
google chrome 35.0.1916.0
google chrome 35.0.1916.40
google chrome 35.0.1916.101
google chrome 35.0.1916.32
google chrome 35.0.1916.51
google chrome 35.0.1916.80
google chrome 35.0.1916.39
google chrome 35.0.1916.43
google chrome 35.0.1916.93
google chrome 35.0.1916.34
google chrome 35.0.1916.37
google chrome 35.0.1916.103
google chrome 35.0.1916.90
google chrome 35.0.1916.68
google chrome 35.0.1916.1
google chrome 35.0.1916.112
google chrome 35.0.1916.27
google chrome 35.0.1916.7
google chrome 35.0.1916.84
google chrome 35.0.1916.46
google chrome 35.0.1916.104
google chrome 35.0.1916.22
google chrome 35.0.1916.69
google chrome 35.0.1916.15
google chrome 35.0.1916.31
google chrome 35.0.1916.96
google chrome 35.0.1916.14
google chrome 35.0.1916.56
google chrome 35.0.1916.2
google chrome 35.0.1916.48

Several security issues were fixed in Oxide ...

Several security issues were fixed in WebKitGTK+ ...

Several vulnerabilities were discovered in the chromium web browser CVE-2014-1743 cloudfuzzer discovered a use-after-free issue in the Blink/Webkit document object model implementation CVE-2014-1744 Aaron Staple discovered an integer overflow issue in audio input handling CVE-2014-1745 Atte Kettunen discovered a use-after-fr ...

NVD-CWE-noinfo https://code.google.com/p/chromium/issues/detail?id=331168 http://www.debian.org/security/2014/dsa-2939 http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html http://security.gentoo.org/glsa/glsa-201408-16.xml http://secunia.com/advisories/60372 http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html http://secunia.com/advisories/59155 http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html http://support.apple.com/kb/HT6596 http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html http://secunia.com/advisories/58920 http://www.securitytracker.com/id/1030270 https://src.chromium.org/viewvc/blink?revision=170625&view=revision http://www.ubuntu.com/usn/USN-2937-1 https://nvd.nist.gov https://usn.ubuntu.com/2298-1/

Get Started

CVE-2014-1748

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect