CVE-2014-3170

Priority
Description
extensions/common/url_pattern.cc in Google Chrome before 37.0.2062.94 does
not prevent use of a '\0' character in a host name, which allows remote
attackers to spoof the extension permission dialog by relying on truncation
after this character.
Assigned-to
ChrisCoulson
Notes
Package
Upstream:released (37.0.2062.94)
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was released [37.0.2062.94-0ubuntu0.14.04.1~pkg1042])
Package
Upstream:not-affected
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was not-affected)
More Information

Updated: 2020-03-18 22:20:15 UTC (commit 2ea7df7bd1e69e1e489978d2724a936eb3faa1b8)