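The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file. Going by this description, Chrome 36.0.1985.125 is the first release outside the affected range. The "Fixed in" column in the table below only repeats each listed version with an ".x" suffix, so it appears to be a range marker rather than a patched release; compare installed Chrome builds against 36.0.1985.125, and for the Debian rows confirm the fixed package version with the distribution's own security advisory.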
| Software | From | Fixed in |
|---|---|---|
| debian / debian_linux | 8.0 | 8.0.x |
| debian / debian_linux | 7.0 | 7.0.x |
| google / chrome | 36.0.1985.2 | 36.0.1985.2.x |
| google / chrome | 36.0.1985.24 | 36.0.1985.24.x |
| google / chrome | 36.0.1985.15 | 36.0.1985.15.x |
| google / chrome | 36.0.1985.92 | 36.0.1985.92.x |
| google / chrome | 36.0.1985.69 | 36.0.1985.69.x |
| google / chrome | 36.0.1985.49 | 36.0.1985.49.x |
| google / chrome | 36.0.1985.79 | 36.0.1985.79.x |
| google / chrome | 36.0.1985.103 | 36.0.1985.103.x |
| google / chrome | 36.0.1985.16 | 36.0.1985.16.x |
| google / chrome | 36.0.1985.62 | 36.0.1985.62.x |
| google / chrome | 36.0.1985.41 | 36.0.1985.41.x |
| google / chrome | 36.0.1985.97 | 36.0.1985.97.x |
| google / chrome | 36.0.1985.3 | 36.0.1985.3.x |
| google / chrome | 36.0.1985.123 | 36.0.1985.123.x |
| google / chrome | 36.0.1985.17 | 36.0.1985.17.x |
| google / chrome | 36.0.1985.45 | 36.0.1985.45.x |
| google / chrome | 36.0.1985.102 | 36.0.1985.102.x |
| google / chrome | 36.0.1985.104 | 36.0.1985.104.x |
| google / chrome | 36.0.1985.40 | 36.0.1985.40.x |
| google / chrome | 36.0.1985.66 | 36.0.1985.66.x |
| google / chrome | 36.0.1985.75 | 36.0.1985.75.x |
| google / chrome | 36.0.1985.19 | 36.0.1985.19.x |
| google / chrome | 36.0.1985.31 | 36.0.1985.31.x |
| google / chrome | 36.0.1985.52 | 36.0.1985.52.x |
| google / chrome | 36.0.1985.70 | 36.0.1985.70.x |
| google / chrome | 36.0.1985.27 | 36.0.1985.27.x |
| google / chrome | 36.0.1985.29 | 36.0.1985.29.x |
| google / chrome | 36.0.1985.59 | 36.0.1985.59.x |
| google / chrome | 36.0.1985.18 | 36.0.1985.18.x |
| google / chrome | 36.0.1985.1 | 36.0.1985.1.x |
| google / chrome | 36.0.1985.42 | 36.0.1985.42.x |
| google / chrome | 36.0.1985.51 | 36.0.1985.51.x |
| google / chrome | 36.0.1985.77 | 36.0.1985.77.x |
| google / chrome | 36.0.1985.99 | 36.0.1985.99.x |
| google / chrome | 36.0.1985.50 | 36.0.1985.50.x |
| google / chrome | 36.0.1985.25 | 36.0.1985.25.x |
| google / chrome | 36.0.1985.105 | 36.0.1985.105.x |
| google / chrome | 36.0.1985.64 | 36.0.1985.64.x |
| google / chrome | 36.0.1985.38 | 36.0.1985.38.x |
| google / chrome | 36.0.1985.43 | 36.0.1985.43.x |
| google / chrome | 36.0.1985.96 | 36.0.1985.96.x |
| google / chrome | 36.0.1985.83 | 36.0.1985.83.x |
| google / chrome | 36.0.1985.13 | 36.0.1985.13.x |
| google / chrome | 36.0.1985.98 | 36.0.1985.98.x |
| google / chrome | 36.0.1985.85 | 36.0.1985.85.x |
| google / chrome | 36.0.1985.35 | 36.0.1985.35.x |
| google / chrome | 36.0.1985.73 | 36.0.1985.73.x |
| google / chrome | 36.0.1985.12 | 36.0.1985.12.x |
| google / chrome | 36.0.1985.122 | 36.0.1985.122.x |
| google / chrome | 36.0.1985.91 | 36.0.1985.91.x |
| google / chrome | 36.0.1985.74 | 36.0.1985.74.x |
| google / chrome | 36.0.1985.46 | 36.0.1985.46.x |
| google / chrome | 36.0.1985.88 | 36.0.1985.88.x |
| google / chrome | 36.0.1985.48 | 36.0.1985.48.x |
| google / chrome | 36.0.1985.55 | 36.0.1985.55.x |
| google / chrome | 36.0.1985.30 | 36.0.1985.30.x |
| google / chrome | 36.0.1985.26 | 36.0.1985.26.x |
| google / chrome | 36.0.1985.86 | 36.0.1985.86.x |
| google / chrome | 36.0.1985.67 | 36.0.1985.67.x |
| google / chrome | 36.0.1985.37 | 36.0.1985.37.x |
| google / chrome | 36.0.1985.82 | 36.0.1985.82.x |
| google / chrome | 36.0.1985.61 | 36.0.1985.61.x |
| google / chrome | 36.0.1985.44 | 36.0.1985.44.x |
| google / chrome | 36.0.1985.6 | 36.0.1985.6.x |
| google / chrome | 36.0.1985.5 | 36.0.1985.5.x |
| google / chrome | 36.0.1985.32 | 36.0.1985.32.x |
| google / chrome | 36.0.1985.54 | 36.0.1985.54.x |
| google / chrome | 36.0.1985.72 | 36.0.1985.72.x |
| google / chrome | 36.0.1985.56 | 36.0.1985.56.x |
| google / chrome | 36.0.1985.81 | 36.0.1985.81.x |
| google / chrome | 36.0.1985.90 | 36.0.1985.90.x |
| google / chrome | 36.0.1985.100 | 36.0.1985.100.x |
| google / chrome | 36.0.1985.4 | 36.0.1985.4.x |
| google / chrome | 36.0.1985.60 | 36.0.1985.60.x |
| google / chrome | 36.0.1985.20 | 36.0.1985.20.x |
| google / chrome | 36.0.1985.87 | 36.0.1985.87.x |
| google / chrome | 36.0.1985.93 | 36.0.1985.93.x |
| google / chrome | 36.0.1985.34 | 36.0.1985.34.x |
| google / chrome | 36.0.1985.21 | 36.0.1985.21.x |
| google / chrome | 36.0.1985.23 | 36.0.1985.23.x |
| google / chrome | 36.0.1985.33 | 36.0.1985.33.x |
| google / chrome | 36.0.1985.36 | 36.0.1985.36.x |
| google / chrome | 36.0.1985.78 | 36.0.1985.78.x |
| google / chrome | 36.0.1985.65 | 36.0.1985.65.x |
| google / chrome | 36.0.1985.47 | 36.0.1985.47.x |
| google / chrome | 36.0.1985.89 | 36.0.1985.89.x |
| google / chrome | 36.0.1985.76 | 36.0.1985.76.x |
| google / chrome | 36.0.1985.101 | 36.0.1985.101.x |
| google / chrome | 36.0.1985.124 | 36.0.1985.124.x |
| google / chrome | 36.0.1985.68 | 36.0.1985.68.x |
| google / chrome | 36.0.1985.53 | 36.0.1985.53.x |
| google / chrome | 36.0.1985.58 | 36.0.1985.58.x |
| google / chrome | 36.0.1985.95 | 36.0.1985.95.x |
| google / chrome | 36.0.1985.94 | 36.0.1985.94.x |
| google / chrome | 36.0.1985.22 | 36.0.1985.22.x |
| google / chrome | 36.0.1985.14 | 36.0.1985.14.x |
| google / chrome | 36.0.1985.39 | 36.0.1985.39.x |
| google / chrome | 36.0.1985.106 | 36.0.1985.106.x |
| google / chrome | 36.0.1985.8 | 36.0.1985.8.x |
| google / chrome | 36.0.1985.63 | 36.0.1985.63.x |
| google / chrome | 36.0.1985.57 | 36.0.1985.57.x |
| google / chrome | 36.0.1985.84 | 36.0.1985.84.x |
| google / chrome | 36.0.1985.28 | 36.0.1985.28.x |