CVE-2014-1748
Vulnerability Summary
Description
The ScrollView::paint function in platform/scroll/ScrollView.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to spoof the UI by extending scrollbar painting into the parent frame.
CVSS Metrics
- v2.0 • MEDIUM • Score: 5 • AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS Trends
Current EPSS score: 0.64% • Percentile: 70%
Affected Systems
- Unknown • Chrome
≤ 35.0.1916.113 | 35.0.1916.0 | 35.0.1916.1 | 35.0.1916.2 | 35.0.1916.3 | 35.0.1916.4 | 35.0.1916.5 | 35.0.1916.6 | 35.0.1916.7 | 35.0.1916.8 | 35.0.1916.9 | 35.0.1916.10 | 35.0.1916.11 | 35.0.1916.13 | 35.0.1916.14 | 35.0.1916.15 | 35.0.1916.17 | 35.0.1916.18 | 35.0.1916.19 | 35.0.1916.20 | 35.0.1916.21 | 35.0.1916.22 | 35.0.1916.23 | 35.0.1916.27 | 35.0.1916.31 | 35.0.1916.32 | 35.0.1916.33 | 35.0.1916.34 | 35.0.1916.35 | 35.0.1916.36 | 35.0.1916.37 | 35.0.1916.38 | 35.0.1916.39 | 35.0.1916.40 | 35.0.1916.41 | 35.0.1916.42 | 35.0.1916.43 | 35.0.1916.44 | 35.0.1916.45 | 35.0.1916.46 | 35.0.1916.47 | 35.0.1916.48 | 35.0.1916.49 | 35.0.1916.51 | 35.0.1916.52 | 35.0.1916.54 | 35.0.1916.56 | 35.0.1916.57 | 35.0.1916.59 | 35.0.1916.61 | 35.0.1916.68 | 35.0.1916.69 | 35.0.1916.71 | 35.0.1916.72 | 35.0.1916.74 | 35.0.1916.77 | 35.0.1916.80 | 35.0.1916.82 | 35.0.1916.84 | 35.0.1916.85 | 35.0.1916.86 | 35.0.1916.88 | 35.0.1916.90 | 35.0.1916.92 | 35.0.1916.93 | 35.0.1916.95 | 35.0.1916.96 | 35.0.1916.98 | 35.0.1916.99 | 35.0.1916.101 | 35.0.1916.103 | 35.0.1916.104 | 35.0.1916.105 | 35.0.1916.106 | 35.0.1916.107 | 35.0.1916.108 | 35.0.1916.109 | 35.0.1916.110 | 35.0.1916.111 | 35.0.1916.112
References (14)
- https://code.google.com/p/chromium/issues/detail?id=331168
- http://www.debian.org/security/2014/dsa-2939
- http://googlechromereleases.blogspot.com/2014/05/stable-channel-update_20.html
- http://security.gentoo.org/glsa/glsa-201408-16.xml
- http://secunia.com/advisories/60372
- http://lists.opensuse.org/opensuse-updates/2014-06/msg00023.html
- http://secunia.com/advisories/59155
- http://lists.opensuse.org/opensuse-updates/2016-03/msg00132.html
- http://support.apple.com/kb/HT6596
- http://lists.apple.com/archives/security-announce/2014/Dec/msg00000.html
- http://secunia.com/advisories/58920
- http://www.securitytracker.com/id/1030270
- https://src.chromium.org/viewvc/blink?revision=170625&view=revision
- http://www.ubuntu.com/usn/USN-2937-1