CVE-2014-3803

Google Chrome < 35.0.1916.114 - Unauthenticated Exposure of Sensitive Information via SpeechInput Feature

Title source: llm
STIX 2.1

Description

The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/67582
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/60372

Scores

EPSS 0.0136
EPSS Percentile 68.3%

Details

CWE
CWE-200
Status published
Products (50)
google/chrome 35.0.1916.0
google/chrome 35.0.1916.1
google/chrome 35.0.1916.2
google/chrome 35.0.1916.3
google/chrome 35.0.1916.4
google/chrome 35.0.1916.5
google/chrome 35.0.1916.6
google/chrome 35.0.1916.7
google/chrome 35.0.1916.8
google/chrome 35.0.1916.9
... and 40 more
Published May 21, 2014
Tracked Since Feb 18, 2026