CVE-2014-7923
Description
The Regular Expressions package in International Components for Unicode (ICU) 52 before SVN revision 292944, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via vectors related to a look-behind expression.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A look-behind expression in ICU's Regular Expressions package can cause memory corruption, leading to denial of service or possibly arbitrary code execution in Google Chrome before 40.0.2214.91.
Vulnerability
The vulnerability resides in the Regular Expressions package of International Components for Unicode (ICU) 52 before SVN revision 292944, as integrated in Google Chrome prior to version 40.0.2214.91 [1]. A look-behind expression in ICU's regular expression engine can trigger memory corruption [2].
Exploitation
An attacker can exploit this with a crafted website that contains a malicious look-behind expression. If a user visits the site, the memory corruption can be triggered remotely. No authentication is required; user interaction is limited to visiting the malicious page [2].
Impact
Successful exploitation can cause a denial of service via a renderer crash or potentially allow arbitrary code execution within the sandboxed renderer process [2][4].
Mitigation
Google Chrome fixed this issue in version 40.0.2214.91. ICU was fixed in SVN revision 292944 [3]. Distributions such as Red Hat, Ubuntu, and Mageia have released updates [1][2][4]. Users should update their software to the latest versions.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:icu-project:international_components_for_unicode:*:*:*:*:*:c\/c\+\+:*:* (Range: <55.1)
- cpe:2.3:a:oracle:communications_messaging_server:7.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:oracle:communications_messaging_server:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- advisories.mageia.org/MGASA-2015-0047.html (nvd)
- bugs.icu-project.org/trac/ticket/11370 (nvd)
- googlechromereleases.blogspot.com/2015/01/stable-update.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html (nvd)
- rhn.redhat.com/errata/RHSA-2015-0093.html (nvd)
- secunia.com/advisories/62383 (nvd)
- secunia.com/advisories/62575 (nvd)
- secunia.com/advisories/62665 (nvd)
- security.gentoo.org/glsa/glsa-201502-13.xml (nvd)
- www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html (nvd)
- www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html (nvd)
- www.securityfocus.com/bid/72288 (nvd)
- www.securitytracker.com/id/1031623 (nvd)
- www.ubuntu.com/usn/USN-2476-1 (nvd)
- chromium.googlesource.com/chromium/deps/icu52/+/3af4ce5982311035e5f36803d547c0befa576c8c (nvd)
- chromium.googlesource.com/chromium/deps/icu52/+/6242e2fbb36f486f2c0addd1c3cef67fc4ed33fb (nvd)
- code.google.com/p/chromium/issues/detail (nvd)
- codereview.chromium.org/726973003 (nvd)
- security.gentoo.org/glsa/201503-06 (nvd)
- www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html (nvd)
News mentions
No linked articles in our index yet.