Vulnerability CVE-2014-1731: Information

Description

core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion" for SELECT elements.

Severity: HIGH (7.5)

URL: https://nvd.nist.gov/vuln/detail/CVE-2014-1731
Published: April 26, 2014
Modified: Nov. 7, 2023
Error type identifier: CWE-843

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
chromiumsisyphus34.0.1847.132-alt2124.0.6367.78-alt1ALT-PU-2014-1582-1119189Fixed
chromiump1034.0.1847.132-alt2119.0.6045.159-alt0.p10.1ALT-PU-2014-1582-1119189Fixed
chromiump934.0.1847.132-alt297.0.4692.99-alt0.p9.1ALT-PU-2014-1582-1119189Fixed
chromiumc10f134.0.1847.132-alt2110.0.5481.177-alt1.p10.1ALT-PU-2014-1582-1119189Fixed
chromiumc9f234.0.1847.132-alt284.0.4147.105-alt1.1.p9ALT-PU-2014-1582-1119189Fixed
chromiumc738.0.2125.122-alt0.M70C.238.0.2125.122-alt0.M70C.2ALT-PU-2016-1955-1168870Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
58301
    http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
      openSUSE-SU-2014:0669
        https://support.apple.com/kb/HT6537
          https://src.chromium.org/viewvc/blink?revision=171216&view=revision
            APPLE-SA-2014-06-30-4
              GLSA-201408-16
                60372
                  http://support.apple.com/kb/HT6254
                    openSUSE-SU-2014:0668
                      DSA-2920
                        APPLE-SA-2014-06-30-3
                          https://code.google.com/p/chromium/issues/detail?id=349903
                            APPLE-SA-2014-05-21-1
                              67572

                                  1. Configuration 1

                                    cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
                                    Running on/with:
                                    cpe:2.3:o:apple:mac_os_x:-:*:*:*:*:*:*:*
                                    Running on/with:
                                    cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

                                    Configuration 2

                                    cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
                                    Running on/with:
                                    cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
                                VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                                Version: v24.4.2
                                Back to top