MEDIUM · 4.3

CVE-2014-3166

Vulnerability Description

The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names.

CVSS Score

4.3 (MEDIUM)

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Affected Products

Vendor | Product | Versions
Google | Chrome | < 36.0.1985.143
Apple | Mac Os X | -
Linux | Linux Kernel | -
Microsoft | Windows | -
Google | Android | -
Debian | Debian Linux | 7.0
Apple | Iphone Os | -

References

FAQ

What is CVE-2014-3166?

CVE-2014-3166 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY c...

How severe is CVE-2014-3166?

CVE-2014-3166 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-3166?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Apple Mac Os X, Linux Linux Kernel, Microsoft Windows, Google Android.