CVE-2014-3161 - 漏洞详情

CVE-2014-3161 (CNNVD-201407-505)

HIGH

中文标题:

Google Chrome 权限许可和访问控制漏洞

英文标题:

The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc...

CVSS分数: 7.5

发布时间: 2014-07-20 10:00:00

漏洞类型: 授权问题

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v3

漏洞描述

中文描述:

Google Chrome是美国谷歌（Google）公司开发的一款Web浏览器。基于Android平台的Google Chrome 36.0.1985.106及之前版本的content/renderer/media/android/webmediaplayer_android.cc文件中的‘WebMediaPlayerAndroid::load’函数存在安全漏洞，该漏洞源于程序没有正确处理重定向。远程攻击者可借助解析视频流的网站利用该漏洞绕过同源策略。

英文描述:

The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc in Google Chrome before 36.0.1985.122 on Android does not properly interact with redirects, which allows remote attackers to bypass the Same Origin Policy via a crafted web site that hosts a video stream.

CWE类型:

CWE-264

受影响产品

厂商	产品	版本	版本范围	平台	CPE
google	chrome	*	-	-	`cpe:2.3:a:google:chrome::::::::`
google	chrome	36.0.1985.1	-	-	`cpe:2.3:a:google:chrome:36.0.1985.1:::::::*`
google	chrome	36.0.1985.2	-	-	`cpe:2.3:a:google:chrome:36.0.1985.2:::::::*`
google	chrome	36.0.1985.3	-	-	`cpe:2.3:a:google:chrome:36.0.1985.3:::::::*`
google	chrome	36.0.1985.4	-	-	`cpe:2.3:a:google:chrome:36.0.1985.4:::::::*`
google	chrome	36.0.1985.5	-	-	`cpe:2.3:a:google:chrome:36.0.1985.5:::::::*`
google	chrome	36.0.1985.6	-	-	`cpe:2.3:a:google:chrome:36.0.1985.6:::::::*`
google	chrome	36.0.1985.8	-	-	`cpe:2.3:a:google:chrome:36.0.1985.8:::::::*`
google	chrome	36.0.1985.12	-	-	`cpe:2.3:a:google:chrome:36.0.1985.12:::::::*`
google	chrome	36.0.1985.13	-	-	`cpe:2.3:a:google:chrome:36.0.1985.13:::::::*`
google	chrome	36.0.1985.14	-	-	`cpe:2.3:a:google:chrome:36.0.1985.14:::::::*`
google	chrome	36.0.1985.15	-	-	`cpe:2.3:a:google:chrome:36.0.1985.15:::::::*`
google	chrome	36.0.1985.16	-	-	`cpe:2.3:a:google:chrome:36.0.1985.16:::::::*`
google	chrome	36.0.1985.17	-	-	`cpe:2.3:a:google:chrome:36.0.1985.17:::::::*`
google	chrome	36.0.1985.18	-	-	`cpe:2.3:a:google:chrome:36.0.1985.18:::::::*`
google	chrome	36.0.1985.19	-	-	`cpe:2.3:a:google:chrome:36.0.1985.19:::::::*`
google	chrome	36.0.1985.20	-	-	`cpe:2.3:a:google:chrome:36.0.1985.20:::::::*`
google	chrome	36.0.1985.21	-	-	`cpe:2.3:a:google:chrome:36.0.1985.21:::::::*`
google	chrome	36.0.1985.22	-	-	`cpe:2.3:a:google:chrome:36.0.1985.22:::::::*`
google	chrome	36.0.1985.23	-	-	`cpe:2.3:a:google:chrome:36.0.1985.23:::::::*`
google	chrome	36.0.1985.24	-	-	`cpe:2.3:a:google:chrome:36.0.1985.24:::::::*`
google	chrome	36.0.1985.25	-	-	`cpe:2.3:a:google:chrome:36.0.1985.25:::::::*`
google	chrome	36.0.1985.26	-	-	`cpe:2.3:a:google:chrome:36.0.1985.26:::::::*`
google	chrome	36.0.1985.27	-	-	`cpe:2.3:a:google:chrome:36.0.1985.27:::::::*`
google	chrome	36.0.1985.28	-	-	`cpe:2.3:a:google:chrome:36.0.1985.28:::::::*`
google	chrome	36.0.1985.29	-	-	`cpe:2.3:a:google:chrome:36.0.1985.29:::::::*`
google	chrome	36.0.1985.30	-	-	`cpe:2.3:a:google:chrome:36.0.1985.30:::::::*`
google	chrome	36.0.1985.31	-	-	`cpe:2.3:a:google:chrome:36.0.1985.31:::::::*`
google	chrome	36.0.1985.32	-	-	`cpe:2.3:a:google:chrome:36.0.1985.32:::::::*`
google	chrome	36.0.1985.33	-	-	`cpe:2.3:a:google:chrome:36.0.1985.33:::::::*`
google	chrome	36.0.1985.34	-	-	`cpe:2.3:a:google:chrome:36.0.1985.34:::::::*`
google	chrome	36.0.1985.35	-	-	`cpe:2.3:a:google:chrome:36.0.1985.35:::::::*`
google	chrome	36.0.1985.36	-	-	`cpe:2.3:a:google:chrome:36.0.1985.36:::::::*`
google	chrome	36.0.1985.37	-	-	`cpe:2.3:a:google:chrome:36.0.1985.37:::::::*`
google	chrome	36.0.1985.38	-	-	`cpe:2.3:a:google:chrome:36.0.1985.38:::::::*`
google	chrome	36.0.1985.39	-	-	`cpe:2.3:a:google:chrome:36.0.1985.39:::::::*`
google	chrome	36.0.1985.40	-	-	`cpe:2.3:a:google:chrome:36.0.1985.40:::::::*`
google	chrome	36.0.1985.41	-	-	`cpe:2.3:a:google:chrome:36.0.1985.41:::::::*`
google	chrome	36.0.1985.42	-	-	`cpe:2.3:a:google:chrome:36.0.1985.42:::::::*`
google	chrome	36.0.1985.43	-	-	`cpe:2.3:a:google:chrome:36.0.1985.43:::::::*`
google	chrome	36.0.1985.44	-	-	`cpe:2.3:a:google:chrome:36.0.1985.44:::::::*`
google	chrome	36.0.1985.45	-	-	`cpe:2.3:a:google:chrome:36.0.1985.45:::::::*`
google	chrome	36.0.1985.46	-	-	`cpe:2.3:a:google:chrome:36.0.1985.46:::::::*`
google	chrome	36.0.1985.47	-	-	`cpe:2.3:a:google:chrome:36.0.1985.47:::::::*`
google	chrome	36.0.1985.48	-	-	`cpe:2.3:a:google:chrome:36.0.1985.48:::::::*`
google	chrome	36.0.1985.49	-	-	`cpe:2.3:a:google:chrome:36.0.1985.49:::::::*`
google	chrome	36.0.1985.50	-	-	`cpe:2.3:a:google:chrome:36.0.1985.50:::::::*`
google	chrome	36.0.1985.51	-	-	`cpe:2.3:a:google:chrome:36.0.1985.51:::::::*`
google	chrome	36.0.1985.52	-	-	`cpe:2.3:a:google:chrome:36.0.1985.52:::::::*`
google	chrome	36.0.1985.53	-	-	`cpe:2.3:a:google:chrome:36.0.1985.53:::::::*`
google	chrome	36.0.1985.54	-	-	`cpe:2.3:a:google:chrome:36.0.1985.54:::::::*`
google	chrome	36.0.1985.55	-	-	`cpe:2.3:a:google:chrome:36.0.1985.55:::::::*`
google	chrome	36.0.1985.56	-	-	`cpe:2.3:a:google:chrome:36.0.1985.56:::::::*`
google	chrome	36.0.1985.57	-	-	`cpe:2.3:a:google:chrome:36.0.1985.57:::::::*`
google	chrome	36.0.1985.58	-	-	`cpe:2.3:a:google:chrome:36.0.1985.58:::::::*`
google	chrome	36.0.1985.59	-	-	`cpe:2.3:a:google:chrome:36.0.1985.59:::::::*`
google	chrome	36.0.1985.60	-	-	`cpe:2.3:a:google:chrome:36.0.1985.60:::::::*`
google	chrome	36.0.1985.61	-	-	`cpe:2.3:a:google:chrome:36.0.1985.61:::::::*`
google	chrome	36.0.1985.62	-	-	`cpe:2.3:a:google:chrome:36.0.1985.62:::::::*`
google	chrome	36.0.1985.63	-	-	`cpe:2.3:a:google:chrome:36.0.1985.63:::::::*`
google	chrome	36.0.1985.64	-	-	`cpe:2.3:a:google:chrome:36.0.1985.64:::::::*`
google	chrome	36.0.1985.65	-	-	`cpe:2.3:a:google:chrome:36.0.1985.65:::::::*`
google	chrome	36.0.1985.66	-	-	`cpe:2.3:a:google:chrome:36.0.1985.66:::::::*`
google	chrome	36.0.1985.67	-	-	`cpe:2.3:a:google:chrome:36.0.1985.67:::::::*`
google	chrome	36.0.1985.68	-	-	`cpe:2.3:a:google:chrome:36.0.1985.68:::::::*`
google	chrome	36.0.1985.69	-	-	`cpe:2.3:a:google:chrome:36.0.1985.69:::::::*`
google	chrome	36.0.1985.70	-	-	`cpe:2.3:a:google:chrome:36.0.1985.70:::::::*`
google	chrome	36.0.1985.72	-	-	`cpe:2.3:a:google:chrome:36.0.1985.72:::::::*`
google	chrome	36.0.1985.73	-	-	`cpe:2.3:a:google:chrome:36.0.1985.73:::::::*`
google	chrome	36.0.1985.74	-	-	`cpe:2.3:a:google:chrome:36.0.1985.74:::::::*`
google	chrome	36.0.1985.75	-	-	`cpe:2.3:a:google:chrome:36.0.1985.75:::::::*`
google	chrome	36.0.1985.76	-	-	`cpe:2.3:a:google:chrome:36.0.1985.76:::::::*`
google	chrome	36.0.1985.77	-	-	`cpe:2.3:a:google:chrome:36.0.1985.77:::::::*`
google	chrome	36.0.1985.78	-	-	`cpe:2.3:a:google:chrome:36.0.1985.78:::::::*`
google	chrome	36.0.1985.79	-	-	`cpe:2.3:a:google:chrome:36.0.1985.79:::::::*`
google	chrome	36.0.1985.81	-	-	`cpe:2.3:a:google:chrome:36.0.1985.81:::::::*`
google	chrome	36.0.1985.82	-	-	`cpe:2.3:a:google:chrome:36.0.1985.82:::::::*`
google	chrome	36.0.1985.83	-	-	`cpe:2.3:a:google:chrome:36.0.1985.83:::::::*`
google	chrome	36.0.1985.84	-	-	`cpe:2.3:a:google:chrome:36.0.1985.84:::::::*`
google	chrome	36.0.1985.85	-	-	`cpe:2.3:a:google:chrome:36.0.1985.85:::::::*`
google	chrome	36.0.1985.86	-	-	`cpe:2.3:a:google:chrome:36.0.1985.86:::::::*`
google	chrome	36.0.1985.87	-	-	`cpe:2.3:a:google:chrome:36.0.1985.87:::::::*`
google	chrome	36.0.1985.88	-	-	`cpe:2.3:a:google:chrome:36.0.1985.88:::::::*`
google	chrome	36.0.1985.89	-	-	`cpe:2.3:a:google:chrome:36.0.1985.89:::::::*`
google	chrome	36.0.1985.90	-	-	`cpe:2.3:a:google:chrome:36.0.1985.90:::::::*`
google	chrome	36.0.1985.91	-	-	`cpe:2.3:a:google:chrome:36.0.1985.91:::::::*`
google	chrome	36.0.1985.92	-	-	`cpe:2.3:a:google:chrome:36.0.1985.92:::::::*`
google	chrome	36.0.1985.93	-	-	`cpe:2.3:a:google:chrome:36.0.1985.93:::::::*`
google	chrome	36.0.1985.94	-	-	`cpe:2.3:a:google:chrome:36.0.1985.94:::::::*`
google	chrome	36.0.1985.95	-	-	`cpe:2.3:a:google:chrome:36.0.1985.95:::::::*`
google	chrome	36.0.1985.96	-	-	`cpe:2.3:a:google:chrome:36.0.1985.96:::::::*`
google	chrome	36.0.1985.97	-	-	`cpe:2.3:a:google:chrome:36.0.1985.97:::::::*`
google	chrome	36.0.1985.98	-	-	`cpe:2.3:a:google:chrome:36.0.1985.98:::::::*`
google	chrome	36.0.1985.99	-	-	`cpe:2.3:a:google:chrome:36.0.1985.99:::::::*`
google	chrome	36.0.1985.100	-	-	`cpe:2.3:a:google:chrome:36.0.1985.100:::::::*`
google	chrome	36.0.1985.101	-	-	`cpe:2.3:a:google:chrome:36.0.1985.101:::::::*`
google	chrome	36.0.1985.102	-	-	`cpe:2.3:a:google:chrome:36.0.1985.102:::::::*`
google	chrome	36.0.1985.103	-	-	`cpe:2.3:a:google:chrome:36.0.1985.103:::::::*`
google	chrome	36.0.1985.104	-	-	`cpe:2.3:a:google:chrome:36.0.1985.104:::::::*`
google	chrome	36.0.1985.105	-	-	`cpe:2.3:a:google:chrome:36.0.1985.105:::::::*`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）

临时解决方案:

（暂无数据）

参考链接

无标题 x_refsource_CONFIRM
cve.org

访问

无标题 x_refsource_CONFIRM
cve.org

访问

无标题 x_refsource_CONFIRM
cve.org

访问

CVSS评分详情

7.5

HIGH

CVSS向量: AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS版本: 2.0

机密性

PARTIAL

完整性

PARTIAL

可用性

PARTIAL

时间信息

发布时间:

2014-07-20 10:00:00

修改时间:

2024-08-06 10:35:56

创建时间:

2025-11-11 15:33:46

更新时间:

2025-11-11 15:51:30

利用信息

暂无可利用代码信息

数据源详情

数据源	记录ID	版本	提取时间
CVE	`cve_CVE-2014-3161`	2025-11-11 15:18:45	2025-11-11 07:33:46
NVD	`nvd_CVE-2014-3161`	2025-11-11 14:54:33	2025-11-11 07:42:32
CNNVD	`cnnvd_CNNVD-201407-505`	2025-11-11 15:09:28	2025-11-11 07:51:30

版本与语言

当前版本: v3

主要语言: EN

支持语言:

EN ZH

安全公告

暂无安全公告信息

变更历史

v3 CNNVD

2025-11-11 15:51:30

vulnerability_type: 未提取 → 授权问题; cnnvd_id: 未提取 → CNNVD-201407-505; data_sources: ['cve', 'nvd'] → ['cnnvd', 'cve', 'nvd']

查看详细变更

vulnerability_type: 未提取 -> 授权问题
cnnvd_id: 未提取 -> CNNVD-201407-505
data_sources: ['cve', 'nvd'] -> ['cnnvd', 'cve', 'nvd']

v2 NVD

2025-11-11 15:42:32

severity: SeverityLevel.MEDIUM → SeverityLevel.HIGH; cvss_score: 未提取 → 7.5; cvss_vector: NOT_EXTRACTED → AV:N/AC:L/Au:N/C:P/I:P/A:P; cvss_version: NOT_EXTRACTED → 2.0; affected_products_count: 0 → 100; data_sources: ['cve'] → ['cve', 'nvd']

查看详细变更

severity: SeverityLevel.MEDIUM -> SeverityLevel.HIGH
cvss_score: 未提取 -> 7.5
cvss_vector: NOT_EXTRACTED -> AV:N/AC:L/Au:N/C:P/I:P/A:P
cvss_version: NOT_EXTRACTED -> 2.0
affected_products_count: 0 -> 100
data_sources: ['cve'] -> ['cve', 'nvd']

CVE-2014-3161 (CNNVD-201407-505)

中文标题:

Google Chrome 权限许可和访问控制漏洞

英文标题:

The WebMediaPlayerAndroid::load function in content/renderer/media/android/webmediaplayer_android.cc...

漏洞描述

中文描述:

英文描述:

CWE类型:

标签:

受影响产品

解决方案

中文解决方案:

英文解决方案:

临时解决方案:

参考链接

CVSS评分详情

时间信息

利用信息

数据源详情

版本与语言

安全公告

变更历史