Security Advisory

CVE-2014-3172

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2014-08-27 01:00:00

Last updated 2024-08-06 10:35:56

Assigner Chrome

State PUBLISHED

Description

The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tabs URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL.

← Browse all CVEs View on cve.org ↗