CVE-2014-3166

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 13-08-2014 06:57

Last modified: - 26-10-2022 01:44

Total changes: - 5

Description

The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names.

Common Vulnerability Scoring System (CVSS)

AV:N/AC:L/Au:N/C:P/I:N/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

Low

Confidentiality

None

Integrity

Privileges required

Scope

User interaction

5.0

Base score

10.0

2.9

Exploitability score

Impact score

Verification logic

Reference

https://src.chromium.org/viewvc/chrome?revision=288435&view=revision
http://googlechromereleases.blogspot.com/2014/08/chrome-for-android-update.html
[tls] 20140810 Re: Inter-protocol attacks-Third Party Advisory
http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html
https://code.google.com/p/chromium/issues/detail?id=398925
https://src.chromium.org/viewvc/chrome?revision=286598&view=revision
1030732-Third Party Advisory, VDB Entry
DSA-3039-Third Party Advisory
69202-Third Party Advisory, VDB Entry
GLSA-201408-16-Third Party Advisory
60798-Third Party Advisory
60685-Third Party Advisory
59904-Third Party Advisory
59693-Third Party Advisory
http://googlechromereleases.blogspot.com/2014/08/chrome-for-ios-update.html

Keywords

CVE-2014-3166

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2014-3166

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures