Vulnerability Database

324,382

Total vulnerabilities in the database

CVE-2014-3201

core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar.

Published: Oct 10, 2014
Updated: Nov 9, 2025
CVE: CVE-2014-3201
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
google / chrome	-	38.0.2125.101.x

http://googlechromereleases.blogspot.com/2014/10/chrome-for-android-update.html
https://crbug.com/406593
https://src.chromium.org/viewvc/blink?revision=182021&view=revision

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo