Rapid7 Vulnerability & Exploit Database

USN-2298-1: Oxide vulnerabilities

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

USN-2298-1: Oxide vulnerabilities

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:N/A:N)

Published

04/26/2014

Created

07/25/2018

Added

07/28/2014

Modified

07/09/2020

Description

Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.

Solution(s)

ubuntu-upgrade-liboxideqtcore0
ubuntu-upgrade-oxideqt-codecs
ubuntu-upgrade-oxideqt-codecs-extra

References

https://attackerkb.com/topics/cve-2014-1730
APPLE-SA-2014-05-21-1
APPLE-SA-2014-06-30-3
APPLE-SA-2014-06-30-4
67374
67375
67376
67572
67582
67972
67977
67980
CVE - 2014-1730
CVE - 2014-1731
CVE - 2014-1735
CVE - 2014-1740
CVE - 2014-1741
CVE - 2014-1742
CVE - 2014-1743
CVE - 2014-1744
CVE - 2014-1746
CVE - 2014-1748
CVE - 2014-3152
CVE - 2014-3154
CVE - 2014-3155
CVE - 2014-3157
CVE - 2014-3160
CVE - 2014-3162
CVE - 2014-3803
DSA-2920
DSA-2930
DSA-3039
USN-2298-1

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;