CVE-2014-3160

Priority
Description
The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp
in Blink, as used in Google Chrome before 36.0.1985.125, does not properly
restrict subresource requests associated with SVG files, which allows
remote attackers to bypass the Same Origin Policy via a crafted file.
Notes
Package
Upstream:released (36.0.1985.125)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [36.0.1985.125-0ubuntu1.14.04.0~pkg1029])
Package
Upstream:released (1.0.4)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [1.0.4-0ubuntu0.14.04.1])
More Information

Updated: 2020-03-18 22:20:14 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)