Details of VAR-201410-1227

ID

VAR-201410-1227

CVE

CVE-2014-3187

TITLE

iOS Run on Google Chrome Vulnerabilities in obtaining video and audio data from devices

Trust: 0.8

sources: JVNDB: JVNDB-2014-004573

DESCRIPTION

Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site. Google Chrome for iOS is prone to an unspecified security vulnerability. The impact of this issue is currently unknown. We will update this BID when more information emerges. Versions prior to Google Chrome for iOS 38.0.2125.59 are vulnerable. Google Chrome is a web browser developed by Google (Google). The vulnerability stems from the fact that the program does not correctly handle the restrictions of facetime:// and facetime-audio:// URLs

Trust: 1.98

sources: NVD: CVE-2014-3187 // JVNDB: JVNDB-2014-004573 // BID: 70272 // VULHUB: VHN-71126

AFFECTED PRODUCTS

vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.0	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.4	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.39	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.43	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.13	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.10	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.11	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.1	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.44	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.45	Trust: 1.6
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.3	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.17	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.57	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	eq	version:	-	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.30	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.56	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	38.0.2125.7	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.54	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.22	Trust: 1.0
vendor:	google	model:	chrome	scope:	lte	version:	37.0.2062.59	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.16	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.5	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.23	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.47	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.20	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.48	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.58	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.18	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.50	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.32	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.37	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.24	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.29	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.35	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.12	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.27	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.51	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.14	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.2	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.25	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.53	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.21	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.34	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.26	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.33	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.46	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.15	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.49	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.55	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.19	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.28	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.6	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.52	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.36	Trust: 1.0
vendor:	google	model:	chrome	scope:	eq	version:	37.0.2062.31	Trust: 1.0
vendor:	google	model:	chrome	scope:	lt	version:	38.x	Trust: 0.8
vendor:	apple	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	chrome	scope:	eq	version:	38.0.2125.59	Trust: 0.8

sources: JVNDB: JVNDB-2014-004573 // CNNVD: CNNVD-201410-149 // NVD: CVE-2014-3187

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-3187
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2014-3187
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201410-149
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-71126
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-3187
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-71126
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-71126 // JVNDB: JVNDB-2014-004573 // CNNVD: CNNVD-201410-149 // NVD: CVE-2014-3187

PROBLEMTYPE DATA

problemtype:

CWE-79

Trust: 1.9

sources: VULHUB: VHN-71126 // JVNDB: JVNDB-2014-004573 // NVD: CVE-2014-3187

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201410-149

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201410-149

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-004573

PATCH

title:	Google Chrome	url:	https://www.google.com/intl/ja/chrome/browser/features.html	Trust: 0.8
title:	Chrome for iOS Update	url:	http://googlechromereleases.blogspot.jp/2014/10/chrome-for-ios-update.html	Trust: 0.8
title:	Chrome-38.2125.59	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51820	Trust: 0.6
title:	Google Chrome-37.0.2062.60	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51819	Trust: 0.6

sources: JVNDB: JVNDB-2014-004573 // CNNVD: CNNVD-201410-149

EXTERNAL IDS

db:	NVD	id:	CVE-2014-3187	Trust: 2.8
db:	JVNDB	id:	JVNDB-2014-004573	Trust: 0.8
db:	CNNVD	id:	CNNVD-201410-149	Trust: 0.7
db:	BID	id:	70272	Trust: 0.4
db:	VULHUB	id:	VHN-71126	Trust: 0.1

sources: VULHUB: VHN-71126 // BID: 70272 // JVNDB: JVNDB-2014-004573 // CNNVD: CNNVD-201410-149 // NVD: CVE-2014-3187

REFERENCES

url:	http://googlechromereleases.blogspot.com/2014/10/chrome-for-ios-update.html	Trust: 1.7
url:	https://code.google.com/p/chromium/issues/detail?id=413831	Trust: 1.7
url:	http://twitter.com/s9labs/statuses/519576582742999043	Trust: 1.7
url:	https://medium.com/section-9-lab/abusing-ios-url-handlers-on-messages-96979e8b12f5	Trust: 1.7
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3187	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3187	Trust: 0.8
url:	http://www.google.com/chrome	Trust: 0.3
url:	http://googlechromereleases.blogspot.in/2014/10/chrome-for-ios-update.html	Trust: 0.3

sources: VULHUB: VHN-71126 // BID: 70272 // JVNDB: JVNDB-2014-004573 // CNNVD: CNNVD-201410-149 // NVD: CVE-2014-3187

CREDITS

Matias Brutti

Trust: 0.3

sources: BID: 70272

SOURCES

db:	VULHUB	id:	VHN-71126
db:	BID	id:	70272
db:	JVNDB	id:	JVNDB-2014-004573
db:	CNNVD	id:	CNNVD-201410-149
db:	NVD	id:	CVE-2014-3187

LAST UPDATE DATE

2025-04-13T23:31:37.075000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-71126	date:	2014-10-08T00:00:00
db:	BID	id:	70272	date:	2014-10-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-004573	date:	2014-10-09T00:00:00
db:	CNNVD	id:	CNNVD-201410-149	date:	2014-10-13T00:00:00
db:	NVD	id:	CVE-2014-3187	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-71126	date:	2014-10-08T00:00:00
db:	BID	id:	70272	date:	2014-10-07T00:00:00
db:	JVNDB	id:	JVNDB-2014-004573	date:	2014-10-09T00:00:00
db:	CNNVD	id:	CNNVD-201410-149	date:	2014-10-13T00:00:00
db:	NVD	id:	CVE-2014-3187	date:	2014-10-08T10:55:05.987