VYPR
Unrated severityNVD Advisory· Published Jul 20, 2014· Updated Jun 17, 2026

CVE-2014-3160

CVE-2014-3160

Description

The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

107
  • Google/Chrome104 versions
    cpe:2.3:a:google:chrome:36.0.1985.1:*:*:*:*:*:*:*+ 103 more
    • cpe:2.3:a:google:chrome:36.0.1985.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.100:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.101:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.102:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.103:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.104:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.105:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.106:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.12:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.122:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.123:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.124:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.13:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.14:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.15:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.16:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.17:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.18:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.19:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.2:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.20:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.21:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.22:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.23:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.24:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.25:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.26:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.27:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.28:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.29:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.3:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.30:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.31:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.32:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.33:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.34:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.35:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.36:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.37:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.38:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.39:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.4:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.40:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.41:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.42:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.43:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.44:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.45:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.46:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.47:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.48:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.49:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.5:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.50:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.51:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.52:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.53:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.54:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.55:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.56:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.57:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.58:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.59:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.6:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.60:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.61:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.62:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.63:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.64:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.65:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.66:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.67:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.68:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.69:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.70:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.72:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.73:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.74:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.75:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.76:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.77:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.78:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.79:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.8:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.81:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.82:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.83:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.84:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.85:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.86:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.87:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.88:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.89:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.90:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.91:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.92:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.93:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.94:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.95:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.96:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.97:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.98:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:36.0.1985.99:*:*:*:*:*:*:*
    • (no CPE)range: <36.0.1985.125
  • Debian/linux2 versions
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.