CVE-2014-3160

Priority
Medium
Description
The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp
in Blink, as used in Google Chrome before 36.0.1985.125, does not properly
restrict subresource requests associated with SVG files, which allows
remote attackers to bypass the Same Origin Policy via a crafted file.
References
Package
Upstream:released (36.0.1985.125)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):released (36.0.1985.125-0ubuntu1.12.04.0~pkg897)
Ubuntu 14.04 LTS (Trusty Tahr):released (36.0.1985.125-0ubuntu1.14.04.0~pkg1029)
Ubuntu 14.10 (Utopic Unicorn):released (36.0.1985.125-0ubuntu2)
Package
Upstream:released (1.0.4)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):released (1.0.4-0ubuntu0.14.04.1)
Ubuntu 14.10 (Utopic Unicorn):released (1.1.0-0ubuntu1)
More Information

Valid XHTML 1.0 Strict

Updated: 2014-08-20 20:14:37 UTC (commit 8394)