CVE-2014-1702

Use-after-free vulnerability in the DatabaseThread::cleanupDatabaseThread function in modules/webdatabase/DatabaseThread.cpp in the web database implementation in Blink, as used in Google Chrome before 33.0.1750.149, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper handling of scheduled tasks during shutdown of a thread.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
ChromeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 77%
VendorProductVersion
googlechrome
𝑥
≤ 33.0.1750.146
googlechrome
33.0.1750.0
googlechrome
33.0.1750.1
googlechrome
33.0.1750.2
googlechrome
33.0.1750.3
googlechrome
33.0.1750.4
googlechrome
33.0.1750.5
googlechrome
33.0.1750.6
googlechrome
33.0.1750.7
googlechrome
33.0.1750.8
googlechrome
33.0.1750.9
googlechrome
33.0.1750.10
googlechrome
33.0.1750.11
googlechrome
33.0.1750.12
googlechrome
33.0.1750.13
googlechrome
33.0.1750.14
googlechrome
33.0.1750.15
googlechrome
33.0.1750.16
googlechrome
33.0.1750.18
googlechrome
33.0.1750.19
googlechrome
33.0.1750.20
googlechrome
33.0.1750.21
googlechrome
33.0.1750.22
googlechrome
33.0.1750.23
googlechrome
33.0.1750.24
googlechrome
33.0.1750.25
googlechrome
33.0.1750.26
googlechrome
33.0.1750.27
googlechrome
33.0.1750.28
googlechrome
33.0.1750.29
googlechrome
33.0.1750.30
googlechrome
33.0.1750.31
googlechrome
33.0.1750.34
googlechrome
33.0.1750.35
googlechrome
33.0.1750.36
googlechrome
33.0.1750.37
googlechrome
33.0.1750.38
googlechrome
33.0.1750.39
googlechrome
33.0.1750.40
googlechrome
33.0.1750.41
googlechrome
33.0.1750.42
googlechrome
33.0.1750.43
googlechrome
33.0.1750.44
googlechrome
33.0.1750.45
googlechrome
33.0.1750.46
googlechrome
33.0.1750.47
googlechrome
33.0.1750.48
googlechrome
33.0.1750.49
googlechrome
33.0.1750.50
googlechrome
33.0.1750.51
googlechrome
33.0.1750.52
googlechrome
33.0.1750.53
googlechrome
33.0.1750.54
googlechrome
33.0.1750.55
googlechrome
33.0.1750.56
googlechrome
33.0.1750.57
googlechrome
33.0.1750.58
googlechrome
33.0.1750.59
googlechrome
33.0.1750.60
googlechrome
33.0.1750.61
googlechrome
33.0.1750.62
googlechrome
33.0.1750.63
googlechrome
33.0.1750.64
googlechrome
33.0.1750.65
googlechrome
33.0.1750.66
googlechrome
33.0.1750.67
googlechrome
33.0.1750.68
googlechrome
33.0.1750.69
googlechrome
33.0.1750.70
googlechrome
33.0.1750.71
googlechrome
33.0.1750.73
googlechrome
33.0.1750.74
googlechrome
33.0.1750.75
googlechrome
33.0.1750.76
googlechrome
33.0.1750.77
googlechrome
33.0.1750.79
googlechrome
33.0.1750.80
googlechrome
33.0.1750.81
googlechrome
33.0.1750.82
googlechrome
33.0.1750.83
googlechrome
33.0.1750.85
googlechrome
33.0.1750.88
googlechrome
33.0.1750.89
googlechrome
33.0.1750.90
googlechrome
33.0.1750.91
googlechrome
33.0.1750.92
googlechrome
33.0.1750.93
googlechrome
33.0.1750.104
googlechrome
33.0.1750.106
googlechrome
33.0.1750.107
googlechrome
33.0.1750.108
googlechrome
33.0.1750.109
googlechrome
33.0.1750.110
googlechrome
33.0.1750.111
googlechrome
33.0.1750.112
googlechrome
33.0.1750.113
googlechrome
33.0.1750.115
googlechrome
33.0.1750.116
googlechrome
33.0.1750.117
googlechrome
33.0.1750.124
googlechrome
33.0.1750.125
googlechrome
33.0.1750.126
googlechrome
33.0.1750.132
googlechrome
33.0.1750.133
googlechrome
33.0.1750.135
googlechrome
33.0.1750.136
googlechrome
33.0.1750.144
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
saucy
Fixed 33.0.1750.152-0ubuntu0.13.10.1~pkg984.1
released
quantal
Fixed 33.0.1750.152-0ubuntu0.12.10.1~pkg895.1
released
precise
Fixed 33.0.1750.152-0ubuntu0.12.04.1~pkg879.1
released
lucid
ignored
oxide-qt
saucy
dne
quantal
dne
precise
dne
lucid
dne
Common Weakness Enumeration
References
http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://www.debian.org/security/2014/dsa-2883
http://www.securitytracker.com/id/1029914
https://code.google.com/p/chromium/issues/detail?id=333058
https://src.chromium.org/viewvc/blink?revision=168059&view=revision
http://googlechromereleases.blogspot.com/2014/03/stable-channel-update_11.html
http://lists.opensuse.org/opensuse-security-announce/2014-04/msg00008.html
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://www.debian.org/security/2014/dsa-2883
http://www.securitytracker.com/id/1029914
https://code.google.com/p/chromium/issues/detail?id=333058
https://src.chromium.org/viewvc/blink?revision=168059&view=revision