CVE-2014-1733

EUVD-2014-1807
The PointerCompare function in codegen.cc in Seccomp-BPF, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly merge blocks, which might allow remote attackers to bypass intended sandbox restrictions by leveraging renderer access.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 65%
Affected Products (NVD)
VendorProductVersion
googlechrome
𝑥
< 34.0.1847.131
googlechrome
𝑥
< 34.0.1847.132
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
lucid
ignored
precise
Fixed 36.0.1985.125-0ubuntu1.12.04.0~pkg897
released
quantal
ignored
saucy
ignored
trusty
Fixed 36.0.1985.125-0ubuntu1.14.04.0~pkg1029
released
oxide-qt
lucid
dne
precise
dne
quantal
dne
saucy
dne
trusty
dne
Common Weakness Enumeration
References
http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html
http://secunia.com/advisories/58301
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://www.debian.org/security/2014/dsa-2920
https://code.google.com/p/chromium/issues/detail?id=351103
https://src.chromium.org/viewvc/chrome?revision=260157&view=revision
http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html
http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html
http://secunia.com/advisories/58301
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://www.debian.org/security/2014/dsa-2920
https://code.google.com/p/chromium/issues/detail?id=351103
https://src.chromium.org/viewvc/chrome?revision=260157&view=revision