CVE-2014-3177

Google Chrome < 37.0.2062.94 - Remote Code Execution via Extension IPC and Sync API Interaction

Title source: llm
STIX 2.1

Description

Google Chrome before 37.0.2062.94 does not properly handle the interaction of extensions, IPC, the sync API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-3176.

References (10)

Core 10
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/95477
Issue Tracking x_refsource_confirm
https://crbug.com/386988
Release Notes, Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/61482
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201408-16.xml
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60268
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1030767
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2014/dsa-3039
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/69404

Scores

EPSS 0.0388
EPSS Percentile 88.9%

Details

CWE
CWE-94
Status published
Products (50)
google/chrome 37.0.2062.0
google/chrome 37.0.2062.1
google/chrome 37.0.2062.2
google/chrome 37.0.2062.3
google/chrome 37.0.2062.4
google/chrome 37.0.2062.5
google/chrome 37.0.2062.6
google/chrome 37.0.2062.7
google/chrome 37.0.2062.8
google/chrome 37.0.2062.9
... and 40 more
Published Aug 27, 2014
Tracked Since Feb 18, 2026