Oval Definition:oval:org.opensuse.security:def:20143160
Revision Date:2022-06-30Version:1
Title:CVE-2014-3160
Description:

The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2014-3160
Mitre CVE-2014-3160
SUSE CVE-2014-3160
openSUSE-SU-2014:0982-1
Platform(s):openSUSE 12.3 Update
openSUSE 13.1
openSUSE Leap 15.0
openSUSE Tumbleweed
Product(s):
Definition Synopsis
  • openSUSE 13.1 is installed
  • AND Package Information
  • chromedriver-36.0.1985.125-41.1 is installed
  • OR chromium-36.0.1985.125-41.1 is installed
  • OR chromium-desktop-gnome-36.0.1985.125-41.1 is installed
  • OR chromium-desktop-kde-36.0.1985.125-41.1 is installed
  • OR chromium-ffmpegsumo-36.0.1985.125-41.1 is installed
  • OR chromium-suid-helper-36.0.1985.125-41.1 is installed
    • Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • chromium-66.0.3359.170-lp150.1 is installed
  • AND chromium is signed with openSUSE key
    • Definition Synopsis
  • openSUSE Tumbleweed is installed
  • AND Package Information
  • chromedriver-55.0.2883.75-3.1 is installed
  • OR chromium-55.0.2883.75-3.1 is installed
    • BACK