CVE-2014-3803
Google Chrome < 35.0.1916.114 - Unauthenticated Exposure of Sensitive Information via SpeechInput Feature
Title source: llmDescription
The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute.
References (6)
Core 6
Core References
Vendor Advisory x_refsource_confirm
https://src.chromium.org/viewvc/blink?revision=171373&view=revision
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/67582
Exploit x_refsource_confirm
https://code.google.com/p/chromium/issues/detail?id=360448
Vendor Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/60372
Exploit x_refsource_misc
http://blog.guya.net/2014/04/07/to-listen-without-consent-abusing-the-html5-speech/
Scores
EPSS
0.0136
EPSS Percentile
68.3%
Details
CWE
CWE-200
Status
published
Products (50)
google/chrome
35.0.1916.0
google/chrome
35.0.1916.1
google/chrome
35.0.1916.2
google/chrome
35.0.1916.3
google/chrome
35.0.1916.4
google/chrome
35.0.1916.5
google/chrome
35.0.1916.6
google/chrome
35.0.1916.7
google/chrome
35.0.1916.8
google/chrome
35.0.1916.9
... and 40 more
Published
May 21, 2014
Tracked Since
Feb 18, 2026