Description
Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.
References (13)
Core 13
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/58301
Release Notes, Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201408-16.xml
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/60372
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-2920
Issue Tracking x_refsource_confirm
https://code.google.com/p/v8/source/detail?r=20375
Issue Tracking x_refsource_confirm
https://code.google.com/p/chromium/issues/detail?id=354967
Issue Tracking x_refsource_confirm
https://code.google.com/p/v8/source/detail?r=20388
Issue Tracking x_refsource_confirm
https://code.google.com/p/v8/source/detail?r=20593
Issue Tracking x_refsource_confirm
https://code.google.com/p/v8/source/detail?r=20595
Issue Tracking x_refsource_confirm
https://code.google.com/p/v8/source/detail?r=20377
Scores
EPSS
0.0094
EPSS Percentile
76.3%
Details
CWE
CWE-843
Status
published
Products (1)
google/chrome
< 34.0.1847.131
Published
Apr 26, 2014
Tracked Since
Feb 18, 2026