CVE-2014-3197 Information

Description

The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink as used in Google Chrome before 38.0.2125.101 does not properly provide substitute data for pages blocked by the XSS auditor which allows remote attackers to obtain sensitive information via a crafted web site.

Reference

http://googlechromereleases.blogspot.com/2014/10/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2014-1626.html http://www.securityfocus.com/bid/70273 https://crbug.com/396544 https://src.chromium.org/viewvc/blink?revision=179240&view=revision