Vulnerability Description
The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chrome | <= 36.0.1985.106 | |
| Android | All versions |
Related Weaknesses (CWE)
References
- http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html
- https://code.google.com/p/chromium/issues/detail?id=352083
- https://src.chromium.org/viewvc/chrome?revision=273865&view=revision
- http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html
- https://code.google.com/p/chromium/issues/detail?id=352083
- https://src.chromium.org/viewvc/chrome?revision=273865&view=revision
FAQ
What is CVE-2014-3159?
CVE-2014-3159 is a vulnerability with a CVSS score of 6.4 (MEDIUM). The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly ...
How severe is CVE-2014-3159?
CVE-2014-3159 has been rated MEDIUM with a CVSS base score of 6.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3159?
Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Google Android.