The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome before 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote attackers to obtain sensitive information via a crafted web site.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2014-10-08T10:00:00

Updated: 2024-08-06T10:35:57.081Z

Reserved: 2014-05-03T00:00:00

Link: CVE-2014-3197

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-10-08T10:55:06.690

Modified: 2024-11-21T02:07:38.720

Link: CVE-2014-3197

cve-icon Redhat

Severity : Moderate

Publid Date: 2014-10-07T00:00:00Z

Links: CVE-2014-3197 - Bugzilla