Published: 20/07/2014 Updated: 07/11/2023

CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10

VMScore: 570

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome prior to 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote malicious users to spoof the URL in the Omnibox via unspecified vectors.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google chrome
google chrome 36.0.1985.1
google chrome 36.0.1985.2
google chrome 36.0.1985.3
google chrome 36.0.1985.4
google chrome 36.0.1985.5
google chrome 36.0.1985.6
google chrome 36.0.1985.8
google chrome 36.0.1985.12
google chrome 36.0.1985.13
google chrome 36.0.1985.14
google chrome 36.0.1985.15
google chrome 36.0.1985.16
google chrome 36.0.1985.17
google chrome 36.0.1985.18
google chrome 36.0.1985.19
google chrome 36.0.1985.20
google chrome 36.0.1985.21
google chrome 36.0.1985.22
google chrome 36.0.1985.23
google chrome 36.0.1985.24
google chrome 36.0.1985.25
google chrome 36.0.1985.26
google chrome 36.0.1985.27
google chrome 36.0.1985.28
google chrome 36.0.1985.29
google chrome 36.0.1985.30
google chrome 36.0.1985.31
google chrome 36.0.1985.32
google chrome 36.0.1985.33
google chrome 36.0.1985.34
google chrome 36.0.1985.35
google chrome 36.0.1985.36
google chrome 36.0.1985.37
google chrome 36.0.1985.38
google chrome 36.0.1985.39
google chrome 36.0.1985.40
google chrome 36.0.1985.41
google chrome 36.0.1985.42
google chrome 36.0.1985.43
google chrome 36.0.1985.44
google chrome 36.0.1985.45
google chrome 36.0.1985.46
google chrome 36.0.1985.47
google chrome 36.0.1985.48
google chrome 36.0.1985.49
google chrome 36.0.1985.50
google chrome 36.0.1985.51
google chrome 36.0.1985.52
google chrome 36.0.1985.53
google chrome 36.0.1985.54
google chrome 36.0.1985.55
google chrome 36.0.1985.56
google chrome 36.0.1985.57
google chrome 36.0.1985.58
google chrome 36.0.1985.59
google chrome 36.0.1985.60
google chrome 36.0.1985.61
google chrome 36.0.1985.62
google chrome 36.0.1985.63
google chrome 36.0.1985.64
google chrome 36.0.1985.65
google chrome 36.0.1985.66
google chrome 36.0.1985.67
google chrome 36.0.1985.68
google chrome 36.0.1985.69
google chrome 36.0.1985.70
google chrome 36.0.1985.72
google chrome 36.0.1985.73
google chrome 36.0.1985.74
google chrome 36.0.1985.75
google chrome 36.0.1985.76
google chrome 36.0.1985.77
google chrome 36.0.1985.78
google chrome 36.0.1985.79
google chrome 36.0.1985.81
google chrome 36.0.1985.82
google chrome 36.0.1985.83
google chrome 36.0.1985.84
google chrome 36.0.1985.85
google chrome 36.0.1985.86
google chrome 36.0.1985.87
google chrome 36.0.1985.88
google chrome 36.0.1985.89
google chrome 36.0.1985.90
google chrome 36.0.1985.91
google chrome 36.0.1985.92
google chrome 36.0.1985.93
google chrome 36.0.1985.94
google chrome 36.0.1985.95
google chrome 36.0.1985.96
google chrome 36.0.1985.97
google chrome 36.0.1985.98
google chrome 36.0.1985.99
google chrome 36.0.1985.100
google chrome 36.0.1985.101
google chrome 36.0.1985.102
google chrome 36.0.1985.103
google chrome 36.0.1985.104
google chrome 36.0.1985.105

for test attack

seungminaaagithubio for test attack xhtml, attackhtml is for cve-2019-13742 contenthtml is for cve-2019-13749 spoofhtml is for cve-2016-1707 repro1html, repro2html is for cve-2014-3159 spoof2html is for cve-2020-6827

CWE-20 http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html https://code.google.com/p/chromium/issues/detail?id=352083 https://src.chromium.org/viewvc/chrome?revision=273865&view=revision https://nvd.nist.gov https://github.com/seungminaaa/seungminaaa.github.io https://www.securityfocus.com/bid/68679

Get Started

CVE-2014-3159

Vulnerability Summary

Most Upvoted Vulmon Research Post

Github Repositories

References

Vulmon Search

About

Products

Connect