CVE-2014-1730 Information

Description

Google V8 as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux does not properly store internationalization metadata which allows remote attackers to bypass intended access restrictions by leveraging \type confusion\ and reading property values related to i18n.js and runtime.cc.

Reference

http://googlechromereleases.blogspot.com/2014/04/stable-channel-update_24.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00049.html http://lists.opensuse.org/opensuse-updates/2014-05/msg00050.html http://secunia.com/advisories/58301 http://secunia.com/advisories/60372 http://security.gentoo.org/glsa/glsa-201408-16.xml http://www.debian.org/security/2014/dsa-2920 https://code.google.com/p/chromium/issues/detail?id=354967 https://code.google.com/p/v8/source/detail?r=20375 https://code.google.com/p/v8/source/detail?r=20377 https://code.google.com/p/v8/source/detail?r=20388 https://code.google.com/p/v8/source/detail?r=20593 https://code.google.com/p/v8/source/detail?r=20595