Bug 1091834 (CVE-2014-1730) - CVE-2014-1730 v8: type confusion issue fixed in Google Chrome 34.0.1847.131
Summary: CVE-2014-1730 v8: type confusion issue fixed in Google Chrome 34.0.1847.131
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2014-1730
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: Embargoed1091840
TreeView+ depends on / blocked
 
Reported: 2014-04-28 07:25 UTC by Murray McAllister
Modified: 2020-11-05 10:33 UTC (History)
51 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-06-16 20:09:36 UTC

Attachments (Terms of Use)

Description Murray McAllister 2014-04-28 07:25:29 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2014-1730 to
the following vulnerability:

Name: CVE-2014-1730
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-1730
Assigned: 20140129
Reference: http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
Reference: https://code.google.com/p/chromium/issues/detail?id=354967
Reference: https://code.google.com/p/v8/source/detail?r=20375
Reference: https://code.google.com/p/v8/source/detail?r=20377
Reference: https://code.google.com/p/v8/source/detail?r=20388
Reference: https://code.google.com/p/v8/source/detail?r=20593
Reference: https://code.google.com/p/v8/source/detail?r=20595

Google V8, as used in Google Chrome before 34.0.1847.131 on Windows
and OS X and before 34.0.1847.132 on Linux, does not properly store
internationalization metadata, which allows remote attackers to bypass
intended access restrictions by leveraging "type confusion" and
reading property values, related to i18n.js and runtime.cc.

It appears as though the Fedora packages may not be affected.
Comment 1 Tomas Hoger 2014-06-16 20:09:36 UTC 
Not applicable to v8 3.14.
Note You need to log in before you can comment on or make changes to this bug.