CVE-2014-1730
First published: Sat Apr 26 2014(Updated: )
Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.
Credit: cve-coordination@google.com chrome-cve-admin@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome | <34.0.1847.131 | |
| Apple iOS and macOS | ||
| Microsoft Windows Operating System | ||
| Google Chrome | <34.0.1847.132 | |
| Linux Kernel | ||
| All of | ||
| Google Chrome | <34.0.1847.131 | |
| Any of | ||
| Apple iOS and macOS | ||
| Microsoft Windows Operating System | ||
| All of | ||
| Google Chrome | <34.0.1847.132 | |
| Linux Kernel |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
- http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html
- http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html
- http://secunia.com/advisories/58301
- http://secunia.com/advisories/60372
- http://security.gentoo.org/glsa/glsa-201408-16.xml
- http://www.debian.org/security/2014/dsa-2920
- https://code.google.com/p/chromium/issues/detail?id=354967
- https://code.google.com/p/v8/source/detail?r=20375
- https://code.google.com/p/v8/source/detail?r=20377
- https://code.google.com/p/v8/source/detail?r=20388
- https://code.google.com/p/v8/source/detail?r=20593
- https://code.google.com/p/v8/source/detail?r=20595
Frequently Asked Questions
What is the severity of CVE-2014-1730?
CVE-2014-1730 is classified as a high-severity vulnerability due to its potential for remote exploitation.
How do I fix CVE-2014-1730?
To fix CVE-2014-1730, update Google Chrome to version 34.0.1847.132 or later.
What versions of Google Chrome are affected by CVE-2014-1730?
CVE-2014-1730 affects Google Chrome versions prior to 34.0.1847.131 on Windows and OS X and 34.0.1847.132 on Linux.
What types of systems are impacted by CVE-2014-1730?
CVE-2014-1730 impacts Google Chrome on Windows, Mac OS X, and Linux systems.
What kind of attack does CVE-2014-1730 enable?
CVE-2014-1730 enables attackers to bypass access restrictions through type confusion, potentially allowing unauthorized access to sensitive property values.
- agent/type
- agent/references
- agent/severity
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- agent/author
- agent/source
- agent/event
- vendor/google
- canonical/google chrome
- vendor/apple
- canonical/apple ios and macos
- vendor/microsoft
- canonical/microsoft windows operating system
- vendor/linux
- canonical/linux kernel