Vulnerability CVE-2014-7948: Information

Description

The AppCacheUpdateJob::URLFetcher::OnResponseStarted function in content/browser/appcache/appcache_update_job.cc in Google Chrome before 40.0.2214.91 proceeds with AppCache caching for SSL sessions even if there is an X.509 certificate error, which allows man-in-the-middle attackers to spoof HTML5 application content via a crafted certificate.

Severity: MEDIUM (4.3)

URL: https://nvd.nist.gov/vuln/detail/CVE-2014-7948

Published: Jan. 23, 2015

Modified: Nov. 7, 2023

Error type identifier: CWE-310

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
chromium	sisyphus	40.0.2214.93-alt1	124.0.6367.78-alt1	ALT-PU-2015-1098-1	139294	Fixed
chromium	p10	40.0.2214.93-alt1	119.0.6045.159-alt0.p10.1	ALT-PU-2015-1098-1	139294	Fixed
chromium	p9	40.0.2214.93-alt1	97.0.4692.99-alt0.p9.1	ALT-PU-2015-1098-1	139294	Fixed
chromium	c10f1	40.0.2214.93-alt1	110.0.5481.177-alt1.p10.1	ALT-PU-2015-1098-1	139294	Fixed
chromium	c9f2	40.0.2214.93-alt1	84.0.4147.105-alt1.1.p9	ALT-PU-2015-1098-1	139294	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
62665
http://googlechromereleases.blogspot.com/2015/01/stable-update.html
62575
https://codereview.chromium.org/645123003
USN-2476-1
72288
GLSA-201502-13
https://code.google.com/p/chromium/issues/detail?id=414026
1031623
https://codereview.chromium.org/725573004
openSUSE-SU-2015:0441
RHSA-2015:0093
62383
https://codereview.chromium.org/579593003

Affected configurations:
1. Configuration 1
  cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
  End including
  40.0.2214.85

Version: v24.4.2

Vulnerability CVE-2014-7948: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1