NVD

Id
36268  
Name
CVE-2014-9648  
Description
components/navigation_interception/intercept_navigation_resource_throttle.cc in Google Chrome before 40.0.2214.91 on Android does not properly restrict use of intent: URLs to open an application after navigation to a web site, which allows remote attackers to cause a denial of service (loss of browser access to that site) via crafted JavaScript code, as demonstrated by pandora.com and the Pandora application, a different vulnerability than CVE-2015-1205.  
Reject
 
CVSS Version
2  
CVSS Score
4.3  
Severity
Medium  
CVSS Base Score
4.3  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8.6  
CVSS Vector
(AV:N/AC:M/Au:N/C:N/I:N/A:P)  
Pub Date
2017-01-19  
Published
2015-01-27  
Modified Date
2015-02-20  
Seq
2014-9648  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
185309 36268 CVE-2014-9648 http://googlechromereleases.blogspot.com/2015/01/stable-update.html  View
185310 36268 CVE-2014-9648 GLSA-201502-13  View
185311 36268 CVE-2014-9648 https://code.google.com/p/chromium/issues/detail?id=331571  View
185312 36268 CVE-2014-9648 https://code.google.com/p/chromium/issues/detail?id=449894  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
18925 JVNDB-2014-007800 Android 上で稼働する Google Chrome におけるサービス運用妨害 (DoS) の脆弱性 Android 上で稼働する Google Chrome の components/navigation_interception/intercept_navigation_resource_throttle.cc は、インテントの使用 (Web サイトへのナビゲーションの後、アプリケーションをオープンする URL) を適切に制限しないため、サービス運用妨害 (当該サイトへのブラウザアクセス不可) 状態にされる脆弱性が存在します。 CVE-2014-9648 76941 CVE-2014-9648 36268 4.3 http://jvndb.jvn.jp/ja/contents/2014/JVNDB-2014-007800.html 2014-01-03 2015-01-28 View