CVE-2014-1731

HIGH
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements.

References

http://archives.neohapsis.com/archives/bugtraq/2014-05/0128.html

http://archives.neohapsis.com/archives/bugtraq/2014-06/0174.html

http://archives.neohapsis.com/archives/bugtraq/2014-06/0175.html

http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html

http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html

http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html

http://secunia.com/advisories/58301

http://secunia.com/advisories/60372

http://security.gentoo.org/glsa/glsa-201408-16.xml

http://support.apple.com/kb/HT6254

http://www.debian.org/security/2014/dsa-2920

http://www.securityfocus.com/bid/67572

https://code.google.com/p/chromium/issues/detail?id=349903

https://src.chromium.org/viewvc/blink?revision=171216&view=revision

https://support.apple.com/kb/HT6537

Details

Source: MITRE

Published: 2014-04-26

Updated: 2017-01-07

Type: CWE-20

Risk Information

CVSS v2

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 10

Severity: HIGH

Vulnerable Software

Configuration 1

AND

OR

cpe:2.3:a:google:chrome:34.0.1847.1:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.2:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.3:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.4:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.5:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.6:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.7:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.8:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.9:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.10:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.12:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.14:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.15:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.23:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.24:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.25:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.36:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.37:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.38:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.39:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.41:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.42:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.43:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.44:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.45:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.46:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.47:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.48:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.49:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.50:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.51:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.52:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.53:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.54:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.55:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.56:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.57:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.58:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.59:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.60:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.61:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.62:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.63:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.64:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.65:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.66:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.67:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.68:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.69:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.71:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.72:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.73:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.74:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.75:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.76:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.77:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.78:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.79:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.80:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.81:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.82:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.83:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.85:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.86:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.87:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.91:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.92:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.94:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.97:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.98:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.99:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.100:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.101:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.102:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.103:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.104:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.109:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.111:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.112:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.113:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.114:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.115:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.116:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.118:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.120:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2

AND

OR

cpe:2.3:a:google:chrome:34.0.1847.1:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.2:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.3:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.4:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.5:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.6:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.7:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.8:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.9:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.10:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.12:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.14:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.15:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.23:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.24:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.25:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.36:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.37:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.38:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.39:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.41:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.42:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.43:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.44:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.45:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.46:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.47:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.48:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.49:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.50:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.51:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.52:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.53:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.54:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.55:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.56:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.57:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.58:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.59:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.60:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.61:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.62:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.63:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.64:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.65:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.66:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.67:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.68:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.69:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.71:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.72:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.73:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.74:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.75:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.76:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.77:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.78:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.79:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.80:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.81:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.82:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.83:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.85:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.86:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.87:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.91:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.92:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.94:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.97:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.98:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.99:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.100:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.101:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.102:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.103:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.104:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.109:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.111:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.112:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.113:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.114:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.115:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.116:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.118:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.120:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:34.0.1847.130:*:*:*:*:*:*:*

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

OR

cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Tenable Plugins

View all (19 total)

IDNameProductFamilySeverity
78598Apple iTunes < 12.0.1 Multiple Vulnerabilities (uncredentialed check)NessusPeer-To-Peer File Sharing
critical
78597Apple iTunes < 12.0.1 Multiple Vulnerabilities (credentialed check)NessusWindows
critical
8561iTunes < 12.0.1 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
critical
77460GLSA-201408-16 : Chromium: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
76756Ubuntu 14.04 LTS : oxide-qt vulnerabilities (USN-2298-1)NessusUbuntu Local Security Checks
high
8323Apple TV < 6.1.2 Multiple VulnerabilitiesNessus Network MonitorInternet Services
critical
8322Apple iOS 7.x < 7.1.2 Multiple VulnerabilitiesNessus Network MonitorMobile Devices
high
76315Apple iOS < 7.1.2 Multiple VulnerabilitiesNessusMobile Devices
critical
75361openSUSE Security Update : chromium (openSUSE-SU-2014:0669-1)NessusSuSE Local Security Checks
high
75360openSUSE Security Update : chromium (openSUSE-SU-2014:0668-1)NessusSuSE Local Security Checks
high
8264Safari < 6.1.4 / 7.0.4 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
74139Mac OS X : Apple Safari < 6.1.4 / 7.0.4 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
high
73856Debian DSA-2920-1 : chromium-browser - security updateNessusDebian Local Security Checks
high
73793FreeBSD : chromium -- multiple vulnerabilities (7cf25a0c-d031-11e3-947b-00262d5ed8ee)NessusFreeBSD Local Security Checks
high
8243Google Chrome < 34.0.1847.131 (Mac) Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
8242Google Chrome < 34.0.1847.131 (Windows) Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
8241Google Chrome < 34.0.1847.132 (Linux) Multiple VulnerabilitiesNessus Network MonitorWeb Clients
high
73711Google Chrome < 34.0.1847.131 Multiple Vulnerabilities (Mac OS X)NessusMacOS X Local Security Checks
critical
73710Google Chrome < 34.0.1847.131 Multiple VulnerabilitiesNessusWindows
critical