Search for vulnerabilities
Vulnerability details: VCID-a9vu-6gtm-aaac
Vulnerability ID VCID-a9vu-6gtm-aaac
Aliases CVE-2014-3166
Summary The Public Key Pinning (PKP) implementation in Google Chrome before 36.0.1985.143 on Windows, OS X, and Linux, and before 36.0.1985.135 on Android, does not correctly consider the properties of SPDY connections, which allows remote attackers to obtain sensitive information by leveraging the use of multiple domain names.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
generic_textual Medium http://googlechromereleases.blogspot.com/2014/08/chrome-for-android-update.html
generic_textual Medium http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3166.html
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00773 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00935 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00935 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00935 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00935 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00935 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00935 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00935 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00935 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00935 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00935 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00935 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00935 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00935 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00935 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.00935 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
epss 0.01003 https://api.first.org/data/v1/epss?cve=CVE-2014-3166
generic_textual Medium https://code.google.com/p/chromium/issues/detail?id=398925
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3160
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3162
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3165
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3166
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3167
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3168
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3169
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3170
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3171
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3172
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3173
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3174
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3175
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3176
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3177
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3178
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3179
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2014-3166
generic_textual Medium https://src.chromium.org/viewvc/chrome?revision=288435&view=revision
generic_textual Medium https://ubuntu.com/security/notices/USN-2320-1
generic_textual Medium http://www.ietf.org/mail-archive/web/tls/current/msg13345.html
Reference id Reference type URL
http://googlechromereleases.blogspot.com/2014/08/chrome-for-android-update.html
http://googlechromereleases.blogspot.com/2014/08/chrome-for-ios-update.html
http://googlechromereleases.blogspot.com/2014/08/stable-channel-update.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3166.html
https://api.first.org/data/v1/epss?cve=CVE-2014-3166
https://code.google.com/p/chromium/issues/detail?id=398925
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3162
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3165
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3166
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3167
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3168
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3171
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3172
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3173
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3174
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3175
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3179
http://secunia.com/advisories/59693
http://secunia.com/advisories/59904
http://secunia.com/advisories/60685
http://secunia.com/advisories/60798
http://security.gentoo.org/glsa/glsa-201408-16.xml
https://src.chromium.org/viewvc/chrome?revision=286598&view=revision
https://src.chromium.org/viewvc/chrome?revision=288435&view=revision
https://ubuntu.com/security/notices/USN-2320-1
http://www.debian.org/security/2014/dsa-3039
http://www.ietf.org/mail-archive/web/tls/current/msg13345.html
http://www.securityfocus.com/bid/69202
http://www.securitytracker.com/id/1030732
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
CVE-2014-3166 https://nvd.nist.gov/vuln/detail/CVE-2014-3166
GLSA-201408-16 https://security.gentoo.org/glsa/201408-16
USN-2320-1 https://usn.ubuntu.com/2320-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2014-3166
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.71291
EPSS Score 0.00773
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.