Google Chrome CVE-2014-3160 Weak Authentication Vulnerability

description-logoDescription

The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file.

affected-products-logoAffected Applications

Google Chrome

CVE References

CVE-2014-3160