CVE-2014-1730
Publication date 26 April 2014
Last updated 24 July 2024
Ubuntu priority
Google V8, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly store internationalization metadata, which allows remote attackers to bypass intended access restrictions by leveraging "type confusion" and reading property values, related to i18n.js and runtime.cc.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| chromium-browser | ||
| 18.04 LTS bionic |
Fixed 35.0.1916.153-0ubuntu1~pkg1029
|
|
| 16.04 LTS xenial |
Fixed 35.0.1916.153-0ubuntu1~pkg1029
|
|
| 14.04 LTS trusty |
Fixed 36.0.1985.125-0ubuntu1.14.04.0~pkg1029
|
|
| libv8 | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Not in release | |
| 14.04 LTS trusty | Not in release | |
| libv8-3.14 | ||
| 18.04 LTS bionic | Ignored libv8 not supported | |
| 16.04 LTS xenial | Ignored libv8 not supported | |
| 14.04 LTS trusty | Not in release | |
| oxide-qt | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial |
Fixed 1.1.0~bzr540-0ubuntu1
|
|
| 14.04 LTS trusty |
Fixed 1.0.4-0ubuntu0.14.04.1
|
|
Notes
References
Related Ubuntu Security Notices (USN)
- USN-2298-1
- Oxide vulnerabilities
- 23 July 2014
Other references
- https://code.google.com/p/v8/source/detail?r=20595
- https://code.google.com/p/v8/source/detail?r=20593
- https://code.google.com/p/v8/source/detail?r=20388
- https://code.google.com/p/v8/source/detail?r=20377
- https://code.google.com/p/v8/source/detail?r=20375
- https://code.google.com/p/chromium/issues/detail?id=354967
- http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html
- https://www.cve.org/CVERecord?id=CVE-2014-1730