CVE-2014-1730
Published: 26 April 2014
Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.
Notes
Author | Note |
---|---|
mikesalvatore | The Ubuntu Security Team does not support libv8 |
Priority
Status
Package | Release | Status |
---|---|---|
chromium-browser Launchpad, Ubuntu, Debian |
vivid |
Released
(35.0.1916.153-0ubuntu1~pkg1029)
|
artful |
Released
(35.0.1916.153-0ubuntu1~pkg1029)
|
|
bionic |
Released
(35.0.1916.153-0ubuntu1~pkg1029)
|
|
cosmic |
Released
(35.0.1916.153-0ubuntu1~pkg1029)
|
|
lucid |
Ignored
(end of life)
|
|
precise |
Released
(36.0.1985.125-0ubuntu1.12.04.0~pkg897)
|
|
quantal |
Ignored
(end of life)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Released
(36.0.1985.125-0ubuntu1.14.04.0~pkg1029)
|
|
upstream |
Released
(34.0.1847.132)
|
|
utopic |
Released
(35.0.1916.153-0ubuntu1~pkg1029)
|
|
wily |
Released
(35.0.1916.153-0ubuntu1~pkg1029)
|
|
xenial |
Released
(35.0.1916.153-0ubuntu1~pkg1029)
|
|
yakkety |
Released
(35.0.1916.153-0ubuntu1~pkg1029)
|
|
zesty |
Released
(35.0.1916.153-0ubuntu1~pkg1029)
|
|
libv8-3.14 Launchpad, Ubuntu, Debian |
vivid |
Ignored
(end of life)
|
artful |
Ignored
(end of life)
|
|
bionic |
Ignored
(libv8 not supported)
|
|
cosmic |
Ignored
(end of life)
|
|
lucid |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Does not exist
(trusty was ignored [libv8 not supported])
|
|
upstream |
Needed
|
|
utopic |
Ignored
(end of life)
|
|
wily |
Ignored
(end of life)
|
|
xenial |
Ignored
(libv8 not supported)
|
|
yakkety |
Ignored
(end of life)
|
|
zesty |
Ignored
(end of life)
|
|
oxide-qt Launchpad, Ubuntu, Debian |
vivid |
Released
(1.1.0~bzr540-0ubuntu1)
|
artful |
Released
(1.1.0~bzr540-0ubuntu1)
|
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
lucid |
Does not exist
|
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
saucy |
Does not exist
|
|
trusty |
Released
(1.0.4-0ubuntu0.14.04.1)
|
|
upstream |
Released
(1.0.4)
|
|
utopic |
Released
(1.1.0~bzr540-0ubuntu1)
|
|
wily |
Released
(1.1.0~bzr540-0ubuntu1)
|
|
xenial |
Released
(1.1.0~bzr540-0ubuntu1)
|
|
yakkety |
Released
(1.1.0~bzr540-0ubuntu1)
|
|
zesty |
Released
(1.1.0~bzr540-0ubuntu1)
|
|
libv8 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
bionic |
Does not exist
|
|
cosmic |
Does not exist
|
|
lucid |
Ignored
(end of life)
|
|
precise |
Ignored
(end of life)
|
|
quantal |
Ignored
(end of life)
|
|
saucy |
Ignored
(end of life)
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
utopic |
Does not exist
|
|
vivid |
Does not exist
|
|
wily |
Does not exist
|
|
xenial |
Does not exist
|
|
yakkety |
Does not exist
|
|
zesty |
Does not exist
|
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1730
- https://code.google.com/p/v8/source/detail?r=20595
- https://code.google.com/p/v8/source/detail?r=20593
- https://code.google.com/p/v8/source/detail?r=20388
- https://code.google.com/p/v8/source/detail?r=20377
- https://code.google.com/p/v8/source/detail?r=20375
- https://code.google.com/p/chromium/issues/detail?id=354967
- http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
- https://ubuntu.com/security/notices/USN-2298-1
- NVD
- Launchpad
- Debian