CVE-2014-1716: Code Injection
First published: Wed Apr 09 2014(Updated: )
Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."
Credit: cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome | <=34.0.1847.115 | |
| Debian Debian Linux | =7.0 | |
| Debian Debian Linux | =8.0 | |
| openSUSE | =12.3 | |
| openSUSE | =13.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html
- http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html
- http://security.gentoo.org/glsa/glsa-201408-16.xml
- http://www.debian.org/security/2014/dsa-2905
- https://code.google.com/p/chromium/issues/detail?id=354123
- https://code.google.com/p/v8/source/detail?r=20138
- agent/references
- agent/weakness
- agent/type
- agent/author
- agent/severity
- agent/description
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/google
- canonical/google chrome
- version/google chrome/34.0.1847.115
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/7.0
- version/debian debian linux/8.0
- vendor/opensuse
- canonical/opensuse
- version/opensuse/12.3
- version/opensuse/13.1