CVE-2014-3159
Google Chrome < 36.0.1985.122 - URL Spoofing via WebContentsDelegateAndroid
Title source: llmDescription
The WebContentsDelegateAndroid::OpenURLFromTab function in components/web_contents_delegate_android/web_contents_delegate_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly restrict URL loading, which allows remote attackers to spoof the URL in the Omnibox via unspecified vectors.
References (3)
Core 3
Core References
Release Notes, Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2014/07/chrome-for-android-update.html
Issue Tracking x_refsource_confirm
https://code.google.com/p/chromium/issues/detail?id=352083
Patch x_refsource_confirm
https://src.chromium.org/viewvc/chrome?revision=273865&view=revision
Scores
EPSS
0.0092
EPSS Percentile
56.2%
Details
CWE
CWE-20
Status
published
Products (50)
google/chrome
36.0.1985.1
google/chrome
36.0.1985.2
google/chrome
36.0.1985.3
google/chrome
36.0.1985.4
google/chrome
36.0.1985.5
google/chrome
36.0.1985.6
google/chrome
36.0.1985.8
google/chrome
36.0.1985.12
google/chrome
36.0.1985.13
google/chrome
36.0.1985.14
... and 40 more
Published
Jul 20, 2014
Tracked Since
Feb 18, 2026