CVE-2014-1716

HIGH

Description

Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."

References

http://googlechromereleases.blogspot.com/2014/04/stable-channel-update.html

http://lists.opensuse.org/opensuse-updates/2014-05/msg00012.html

http://security.gentoo.org/glsa/glsa-201408-16.xml

http://www.debian.org/security/2014/dsa-2905

https://code.google.com/p/chromium/issues/detail?id=354123

https://code.google.com/p/v8/source/detail?r=20138

Details

Source: MITRE

Published: 2014-04-09

Updated: 2018-10-30

Type: CWE-94

Risk Information

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH