Vulnerability Description
Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Universal XSS (UXSS)."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chrome | <= 35.0.1916.113 |
Related Weaknesses (CWE)
References
- http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html
- http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html
- http://secunia.com/advisories/58920
- http://secunia.com/advisories/59155
- http://security.gentoo.org/glsa/glsa-201408-16.xml
- http://www.debian.org/security/2014/dsa-2939
- http://www.securitytracker.com/id/1030270
- https://code.google.com/p/chromium/issues/detail?id=330663
- https://src.chromium.org/viewvc/blink?revision=169499&view=revision
- http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html
- http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html
- http://secunia.com/advisories/58920
- http://secunia.com/advisories/59155
- http://security.gentoo.org/glsa/glsa-201408-16.xml
- http://www.debian.org/security/2014/dsa-2939
FAQ
What is CVE-2014-1747?
CVE-2014-1747 is a vulnerability with a CVSS score of 4.3 (MEDIUM). Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote att...
How severe is CVE-2014-1747?
CVE-2014-1747 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-1747?
Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome.