Search for vulnerabilities
Vulnerability details: VCID-xpds-8ea8-aaab
Vulnerability ID VCID-xpds-8ea8-aaab
Aliases CVE-2014-3188
Summary Google Chrome before 38.0.2125.101 and Chrome OS before 38.0.2125.101 do not properly handle the interaction of IPC and Google V8, which allows remote attackers to execute arbitrary code via vectors involving JSON data, related to improper parsing of an escaped index by ParseJsonObject in json-parser.h.
Status Published
Exploitability 0.5
Weighted Severity 9.0
Risk 4.5
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-94 Improper Control of Generation of Code ('Code Injection')
System Score Found at
generic_textual Medium http://googlechromereleases.blogspot.com/2014/10/stable-channel-update-for-chrome-os.html
generic_textual Medium http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3188.html
rhas Critical https://access.redhat.com/errata/RHSA-2014:1626
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.03581 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.04177 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.04177 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.04177 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.04177 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.04177 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.04177 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.04177 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.04177 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.04177 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.04177 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.04177 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.04177 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.04177 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
epss 0.05294 https://api.first.org/data/v1/epss?cve=CVE-2014-3188
rhbs high https://bugzilla.redhat.com/show_bug.cgi?id=1150848
generic_textual Medium https://code.google.com/p/v8/source/detail?r=24125
generic_textual Medium https://crbug.com/416449
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3188
cvssv2 10.0 https://nvd.nist.gov/vuln/detail/CVE-2014-3188
generic_textual Medium https://ubuntu.com/security/notices/USN-2345-1
Reference id Reference type URL
http://googlechromereleases.blogspot.com/2014/10/stable-channel-update-for-chrome-os.html
http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-3188.html
http://rhn.redhat.com/errata/RHSA-2014-1626.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-3188.json
https://api.first.org/data/v1/epss?cve=CVE-2014-3188
https://code.google.com/p/v8/source/detail?r=24125
https://crbug.com/416449
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3188
https://ubuntu.com/security/notices/USN-2345-1
1150848 https://bugzilla.redhat.com/show_bug.cgi?id=1150848
773671 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=773671
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:chrome_os:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.6.z:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*
CVE-2014-3188 https://nvd.nist.gov/vuln/detail/CVE-2014-3188
GLSA-201412-13 https://security.gentoo.org/glsa/201412-13
RHSA-2014:1626 https://access.redhat.com/errata/RHSA-2014:1626
USN-2345-1 https://usn.ubuntu.com/2345-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2014-3188
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.86654
EPSS Score 0.03581
Published At March 28, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.