VYPR
← All advisories
Unrated severityNVD Advisory· Published Aug 27, 2014· Updated May 6, 2026

CVE-2014-3168

CVE-2014-3168

Description

Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper caching associated with animation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Use-after-free in Blink's SVG animation caching allows remote attackers to cause denial of service or potentially execute arbitrary code.

Vulnerability

A use-after-free vulnerability exists in the SVG implementation of Blink, the rendering engine used in Google Chrome. The flaw is triggered by improper caching associated with SVG animations, leading to a dangling pointer. This affects Google Chrome versions prior to 37.0.2062.94 [1].

Exploitation

An attacker can exploit this vulnerability by crafting a malicious SVG file containing animation sequences that leverage the caching flaw. No authentication or special privileges are required; the victim only needs to visit a webpage hosting the malicious SVG. The improper caching causes a use-after-free condition when the animation is processed.

Impact

Successful exploitation can lead to a denial of service (browser crash) or potentially arbitrary code execution with the privileges of the browser process [1]. The exact impact may vary depending on the attacker's payload.

Mitigation

The vulnerability is fixed in Google Chrome version 37.0.2062.94 and later. Users should update their browser to the latest version. For Gentoo Linux users, the advisory recommends upgrading to >=www-client/chromium-37.0.2062.94 [1]. No workaround is available.

References
  1. Multiple vulnerabilities (GLSA 201408-16) — Gentoo security

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

87
  • Google/Chrome82 versions
    cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*+ 81 more
    • cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*range: <=37.0.2062.93
    • cpe:2.3:a:google:chrome:37.0.2062.0:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.1:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.10:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.11:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.12:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.13:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.14:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.15:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.16:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.17:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.18:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.19:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.2:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.20:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.21:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.22:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.23:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.24:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.25:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.26:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.27:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.28:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.29:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.3:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.30:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.31:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.32:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.33:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.34:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.35:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.36:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.37:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.39:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.4:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.43:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.44:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.45:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.46:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.47:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.48:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.49:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.5:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.50:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.51:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.52:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.53:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.54:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.55:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.56:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.57:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.58:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.59:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.6:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.60:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.61:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.62:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.63:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.64:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.65:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.66:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.67:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.68:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.69:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.7:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.70:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.71:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.72:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.73:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.74:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.75:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.76:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.77:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.78:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.8:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.80:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.81:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.89:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.9:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.90:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.91:*:*:*:*:*:*:*
    • cpe:2.3:a:google:chrome:37.0.2062.92:*:*:*:*:*:*:*
  • Debian/Debian Linux
    cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
  • OpenSUSE/openSUSE2 versions
    cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:opensuse:opensuse:12.3:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • Google/Google Chromellm-fuzzy
    Range: <37.0.2062.94
  • osv-coords
    pkg:rpm/opensuse/chromium&distro=openSUSE%20Tumbleweed
    Range: < 55.0.2883.75-3.1

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

13

News mentions

0

No linked articles in our index yet.