CVE-2014-1701
Published: 16 March 2014
The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS (UXSS) attacks via vectors involving events.
Priority
Status
Package | Release | Status |
---|---|---|
chromium-browser Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Released
(33.0.1750.152-0ubuntu0.12.04.1~pkg879.1)
|
|
quantal |
Released
(33.0.1750.152-0ubuntu0.12.10.1~pkg895.1)
|
|
saucy |
Released
(33.0.1750.152-0ubuntu0.13.10.1~pkg984.1)
|
|
upstream |
Released
(33.0.1750.149)
|
|
oxide-qt Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
precise |
Does not exist
|
|
quantal |
Does not exist
|
|
saucy |
Does not exist
|
|
upstream |
Needs triage
|