1. Home
  2. CVE Database
  3. CVE-2014-3188
HIGH · 10.0

CVE-2014-3188

Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors i...

Vulnerability Description

Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h.

CVSS Score

10.0

HIGH

AV:N/AC:L/Au:N/C:C/I:C/A:C
Confidentiality
COMPLETE
Integrity
COMPLETE
Availability
COMPLETE

Affected Products

VendorProductVersions
GoogleChrome Os<= 38.0.2125.77
GoogleChrome<= 38.0.2125.7
RedhatEnterprise Linux Desktop Supplementary6.0
RedhatEnterprise Linux Server Supplementary6.0
RedhatEnterprise Linux Server Supplementary Eus6.6.z
RedhatEnterprise Linux Workstation Supplementary6.0

Related Weaknesses (CWE)

CWE-94

References

FAQ

What is CVE-2014-3188?

CVE-2014-3188 is a vulnerability with a CVSS score of 10.0 (HIGH). Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors i...

How severe is CVE-2014-3188?

CVE-2014-3188 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-3188?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome Os, Google Chrome, Redhat Enterprise Linux Desktop Supplementary, Redhat Enterprise Linux Server Supplementary, Redhat Enterprise Linux Server Supplementary Eus.