CVE-2014-3172

Publication date 27 August 2014

Last updated 24 July 2024


Ubuntu priority

The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab’s URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL.

Status

Package Ubuntu Release Status
chromium-browser 14.04 LTS trusty
Fixed 37.0.2062.94-0ubuntu0.14.04.1~pkg1042
12.04 LTS precise
Fixed 37.0.2062.94-0ubuntu0.12.04.1~pkg909
10.04 LTS lucid Ignored end of life
oxide-qt 14.04 LTS trusty Not in release
12.04 LTS precise Not in release
10.04 LTS lucid Not in release