1. Home
  2. CVE Database
  3. CVE-2014-3197
MEDIUM · 5.0

CVE-2014-3197

The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages ...

Vulnerability Description

The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N
Confidentiality
PARTIAL
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
GoogleChrome<= 38.0.2125.7
RedhatEnterprise Linux Desktop Supplementary6.0
RedhatEnterprise Linux Server Supplementary6.0
RedhatEnterprise Linux Server Supplementary Eus6.6.z
RedhatEnterprise Linux Workstation Supplementary6.0

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2014-3197?

CVE-2014-3197 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages ...

How severe is CVE-2014-3197?

CVE-2014-3197 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-3197?

Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Redhat Enterprise Linux Desktop Supplementary, Redhat Enterprise Linux Server Supplementary, Redhat Enterprise Linux Server Supplementary Eus, Redhat Enterprise Linux Workstation Supplementary.