CVE-2014-3187

medium

Description

Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site.

References

https://medium.com/section-9-lab/abusing-ios-url-handlers-on-messages-96979e8b12f5

https://code.google.com/p/chromium/issues/detail?id=413831

http://twitter.com/S9Labs/statuses/519576582742999043

http://googlechromereleases.blogspot.com/2014/10/chrome-for-ios-update.html

Details

Source: Mitre, NVD

Published: 2014-10-08

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Severity: Medium

EPSS

EPSS: 0.00606