CVE-2014-1747

Cross-site scripting (XSS) vulnerability in the DocumentLoader::maybeCreateArchive function in core/loader/DocumentLoader.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to inject arbitrary web script or HTML via crafted MHTML content, aka "Universal XSS (UXSS)."
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
ChromeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
googlechrome
𝑥
≤ 35.0.1916.113
googlechrome
35.0.1916.0
googlechrome
35.0.1916.1
googlechrome
35.0.1916.2
googlechrome
35.0.1916.3
googlechrome
35.0.1916.4
googlechrome
35.0.1916.5
googlechrome
35.0.1916.6
googlechrome
35.0.1916.7
googlechrome
35.0.1916.8
googlechrome
35.0.1916.9
googlechrome
35.0.1916.10
googlechrome
35.0.1916.11
googlechrome
35.0.1916.13
googlechrome
35.0.1916.14
googlechrome
35.0.1916.15
googlechrome
35.0.1916.17
googlechrome
35.0.1916.18
googlechrome
35.0.1916.19
googlechrome
35.0.1916.20
googlechrome
35.0.1916.21
googlechrome
35.0.1916.22
googlechrome
35.0.1916.23
googlechrome
35.0.1916.27
googlechrome
35.0.1916.31
googlechrome
35.0.1916.32
googlechrome
35.0.1916.33
googlechrome
35.0.1916.34
googlechrome
35.0.1916.35
googlechrome
35.0.1916.36
googlechrome
35.0.1916.37
googlechrome
35.0.1916.38
googlechrome
35.0.1916.39
googlechrome
35.0.1916.40
googlechrome
35.0.1916.41
googlechrome
35.0.1916.42
googlechrome
35.0.1916.43
googlechrome
35.0.1916.44
googlechrome
35.0.1916.45
googlechrome
35.0.1916.46
googlechrome
35.0.1916.47
googlechrome
35.0.1916.48
googlechrome
35.0.1916.49
googlechrome
35.0.1916.51
googlechrome
35.0.1916.52
googlechrome
35.0.1916.54
googlechrome
35.0.1916.56
googlechrome
35.0.1916.57
googlechrome
35.0.1916.59
googlechrome
35.0.1916.61
googlechrome
35.0.1916.68
googlechrome
35.0.1916.69
googlechrome
35.0.1916.71
googlechrome
35.0.1916.72
googlechrome
35.0.1916.74
googlechrome
35.0.1916.77
googlechrome
35.0.1916.80
googlechrome
35.0.1916.82
googlechrome
35.0.1916.84
googlechrome
35.0.1916.85
googlechrome
35.0.1916.86
googlechrome
35.0.1916.88
googlechrome
35.0.1916.90
googlechrome
35.0.1916.92
googlechrome
35.0.1916.93
googlechrome
35.0.1916.95
googlechrome
35.0.1916.96
googlechrome
35.0.1916.98
googlechrome
35.0.1916.99
googlechrome
35.0.1916.101
googlechrome
35.0.1916.103
googlechrome
35.0.1916.104
googlechrome
35.0.1916.105
googlechrome
35.0.1916.106
googlechrome
35.0.1916.107
googlechrome
35.0.1916.108
googlechrome
35.0.1916.109
googlechrome
35.0.1916.110
googlechrome
35.0.1916.111
googlechrome
35.0.1916.112
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
trusty
Fixed 36.0.1985.125-0ubuntu1.14.04.0~pkg1029
released
saucy
ignored
precise
Fixed 36.0.1985.125-0ubuntu1.12.04.0~pkg897
released
lucid
ignored
oxide-qt
trusty
dne
saucy
dne
precise
dne
lucid
dne
Common Weakness Enumeration
References
http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html
http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html
http://secunia.com/advisories/58920
http://secunia.com/advisories/59155
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://www.debian.org/security/2014/dsa-2939
http://www.securitytracker.com/id/1030270
https://code.google.com/p/chromium/issues/detail?id=330663
https://src.chromium.org/viewvc/blink?revision=169499&view=revision
http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html
http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html
http://secunia.com/advisories/58920
http://secunia.com/advisories/59155
http://security.gentoo.org/glsa/glsa-201408-16.xml
http://www.debian.org/security/2014/dsa-2939
http://www.securitytracker.com/id/1030270
https://code.google.com/p/chromium/issues/detail?id=330663
https://src.chromium.org/viewvc/blink?revision=169499&view=revision