Vulnerability · NVD

CVE-2014-3201

N/A Published on 2014-10-10

core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google Chrome before 38.0.2125.102 on Android, does not properly handle a certain IFRAME overflow condition, which allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar.

EPSS 0.22% exploit very unlikely percentile 44.2%

Tracked apps referencing this CVE

For each app: the affected range, the fixing version, and where the tracked app stands today.

Google Chrome Android com.android.chrome

Affected ≤38.0.2125.101 Fixed in 38.0.2125.101+ Latest tracked 147.0.7727.137 patched

Vulnerable CPE configurations (1)

Vendor	Product	Platform	Versions	CPE 2.3 URI
google	chrome Android	Android	≤38.0.2125.101	cpe:2.3:a:google:chrome::::::android::*

View on NVD ↗