CVE-2014-3161
Severity CVSS v4.0:
Pending analysis
Type:
CWE-264
Permissions, Privileges, and Access Control
Publication date:
20/07/2014
Last modified:
12/04/2025
Description
The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* | 36.0.1985.106 (including) | |
| cpe:2.3:a:google:chrome:36.0.1985.1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:36.0.1985.2:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:36.0.1985.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:36.0.1985.4:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:36.0.1985.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:36.0.1985.6:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:36.0.1985.8:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:36.0.1985.12:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:36.0.1985.13:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:36.0.1985.14:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:36.0.1985.15:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:36.0.1985.16:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:36.0.1985.17:*:*:*:*:*:*:* | ||
| cpe:2.3:a:google:chrome:36.0.1985.18:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html
- https://code.google.com/p/chromium/issues/detail?id=334204
- https://src.chromium.org/viewvc/chrome?revision=266396&view=revision
- http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html
- https://code.google.com/p/chromium/issues/detail?id=334204
- https://src.chromium.org/viewvc/chrome?revision=266396&view=revision