Vulnerability Description
The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chrome | <= 36.0.1985.106 | |
| Android | All versions |
Related Weaknesses (CWE)
References
- http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html
- https://code.google.com/p/chromium/issues/detail?id=334204
- https://src.chromium.org/viewvc/chrome?revision=266396&view=revision
- http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html
- https://code.google.com/p/chromium/issues/detail?id=334204
- https://src.chromium.org/viewvc/chrome?revision=266396&view=revision
FAQ
What is CVE-2014-3161?
CVE-2014-3161 is a vulnerability with a CVSS score of 7.5 (HIGH). The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which a...
How severe is CVE-2014-3161?
CVE-2014-3161 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-3161?
Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Google Android.