1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
|
PublicDateAtUSN: 2014-10-08
Candidate: CVE-2014-3197
PublicDate: 2014-10-08
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3197
https://src.chromium.org/viewvc/blink?revision=179240&view=revision
https://crbug.com/396544
http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html
http://www.ubuntu.com/usn/usn-2345-1
Description:
The NavigationScheduler::schedulePageBlock function in
core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome
before 38.0.2125.101, does not properly provide substitute data for pages
blocked by the XSS auditor, which allows remote attackers to obtain
sensitive information via a crafted web site.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Takeshi Terada
Assigned-to:
Patches_chromium-browser:
upstream_chromium-browser: released (38.0.2125.101)
lucid_chromium-browser: ignored (reached end-of-life)
precise_chromium-browser: not-affected
trusty_chromium-browser: not-affected
devel_chromium-browser: not-affected
Patches_oxide-qt:
upstream_oxide-qt: released (1.2.5)
lucid_oxide-qt: DNE
precise_oxide-qt: DNE
trusty_oxide-qt: released (1.2.5-0ubuntu0.14.04.1)
devel_oxide-qt: released (1.2.5-0ubuntu1)
|