CVE-2014-3187

Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site.
Cross-site Scripting
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
ChromeCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
googlechrome
𝑥
≤ 37.0.2062.59
googlechrome
37.0.2062.0
googlechrome
37.0.2062.1
googlechrome
37.0.2062.2
googlechrome
37.0.2062.3
googlechrome
37.0.2062.4
googlechrome
37.0.2062.5
googlechrome
37.0.2062.6
googlechrome
37.0.2062.10
googlechrome
37.0.2062.11
googlechrome
37.0.2062.12
googlechrome
37.0.2062.13
googlechrome
37.0.2062.14
googlechrome
37.0.2062.15
googlechrome
37.0.2062.16
googlechrome
37.0.2062.17
googlechrome
37.0.2062.18
googlechrome
37.0.2062.19
googlechrome
37.0.2062.20
googlechrome
37.0.2062.21
googlechrome
37.0.2062.22
googlechrome
37.0.2062.23
googlechrome
37.0.2062.24
googlechrome
37.0.2062.25
googlechrome
37.0.2062.26
googlechrome
37.0.2062.27
googlechrome
37.0.2062.28
googlechrome
37.0.2062.29
googlechrome
37.0.2062.30
googlechrome
37.0.2062.31
googlechrome
37.0.2062.32
googlechrome
37.0.2062.33
googlechrome
37.0.2062.34
googlechrome
37.0.2062.35
googlechrome
37.0.2062.36
googlechrome
37.0.2062.37
googlechrome
37.0.2062.39
googlechrome
37.0.2062.43
googlechrome
37.0.2062.44
googlechrome
37.0.2062.45
googlechrome
37.0.2062.46
googlechrome
37.0.2062.47
googlechrome
37.0.2062.48
googlechrome
37.0.2062.49
googlechrome
37.0.2062.50
googlechrome
37.0.2062.51
googlechrome
37.0.2062.52
googlechrome
37.0.2062.53
googlechrome
37.0.2062.54
googlechrome
37.0.2062.55
googlechrome
37.0.2062.56
googlechrome
37.0.2062.57
googlechrome
37.0.2062.58
googlechrome
38.0.2125.7
appleiphone_os
-
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://googlechromereleases.blogspot.com/2014/10/chrome-for-ios-update.html
http://twitter.com/S9Labs/statuses/519576582742999043
https://code.google.com/p/chromium/issues/detail?id=413831
https://medium.com/section-9-lab/abusing-ios-url-handlers-on-messages-96979e8b12f5
http://googlechromereleases.blogspot.com/2014/10/chrome-for-ios-update.html
http://twitter.com/S9Labs/statuses/519576582742999043
https://code.google.com/p/chromium/issues/detail?id=413831
https://medium.com/section-9-lab/abusing-ios-url-handlers-on-messages-96979e8b12f5