CVE-2014-7899
Description
Google Chrome before 38.0.2125.101 allows address bar spoofing via crafted URLs with blob: prefix and long username.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Google Chrome versions prior to 38.0.2125.101 are vulnerable to address bar spoofing. An attacker can craft a URL that begins with blob: followed by the original URI scheme and a long username string. When a user visits such a URL, the address bar may display misleading content, hiding the true destination [1][3].
Exploitation
An attacker can exploit this by crafting a malicious URL and enticing a user to click on it, typically through a phishing link. No special authentication or network position is required; the user simply needs to navigate to the URL in an affected Chrome version.
Impact
Successful exploitation allows the attacker to spoof the address bar, potentially leading users to believe they are on a legitimate site. This can facilitate phishing attacks or other social engineering, though no code execution or direct data disclosure is achieved.
Mitigation
Users should upgrade to Google Chrome 38.0.2125.101 or later. The fix was implemented in revision 279232 [3]. Red Hat Enterprise Linux users can apply RHSA-2014:1894 for updated packages [1].
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 3
Patches: 0
No patches discovered yet.
References (8)
- googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html (nvd)
- rhn.redhat.com/errata/RHSA-2014-1894.html (nvd)
- secunia.com/advisories/60194 (nvd)
- www.securityfocus.com/bid/71160 (nvd)
- www.securitytracker.com/id/1031241 (nvd)
- code.google.com/p/chromium/issues/detail (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/98787 (nvd)
- src.chromium.org/viewvc/chrome (nvd)