VAR-201410-1227
Vulnerability from variot - Updated: 2025-04-13 23:31Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site. Google Chrome for iOS is prone to an unspecified security vulnerability. The impact of this issue is currently unknown. We will update this BID when more information emerges. Versions prior to Google Chrome for iOS 38.0.2125.59 are vulnerable. Google Chrome is a web browser developed by Google (Google). The vulnerability stems from the fact that the program does not correctly handle the restrictions of facetime:// and facetime-audio:// URLs
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201410-1227",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "chrome",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "37.0.2062.0"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "37.0.2062.4"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "37.0.2062.39"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "37.0.2062.43"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "37.0.2062.13"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "37.0.2062.10"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "37.0.2062.11"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "37.0.2062.1"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "37.0.2062.44"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.6,
"vendor": "google",
"version": "37.0.2062.45"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.3"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.17"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.57"
},
{
"model": "iphone os",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": null
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.30"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.56"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "38.0.2125.7"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.54"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.22"
},
{
"model": "chrome",
"scope": "lte",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.59"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.16"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.5"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.23"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.47"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.20"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.48"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.58"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.18"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.50"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.32"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.37"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.24"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.29"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.35"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.12"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.27"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.51"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.14"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.2"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.25"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.53"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.21"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.34"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.26"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.33"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.46"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.15"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.49"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.55"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.19"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.28"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.6"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.52"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.36"
},
{
"model": "chrome",
"scope": "eq",
"trust": 1.0,
"vendor": "google",
"version": "37.0.2062.31"
},
{
"model": "chrome",
"scope": "lt",
"trust": 0.8,
"vendor": "google",
"version": "38.x"
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "apple",
"version": null
},
{
"model": "chrome",
"scope": "eq",
"trust": 0.8,
"vendor": "google",
"version": "38.0.2125.59"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004573"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-149"
},
{
"db": "NVD",
"id": "CVE-2014-3187"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/a:google:chrome",
"vulnerable": true
},
{
"cpe22Uri": "cpe:/o:apple:iphone_os",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004573"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Matias Brutti",
"sources": [
{
"db": "BID",
"id": "70272"
}
],
"trust": 0.3
},
"cve": "CVE-2014-3187",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2014-3187",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-71126",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2014-3187",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2014-3187",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201410-149",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-71126",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71126"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004573"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-149"
},
{
"db": "NVD",
"id": "CVE-2014-3187"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Google Chrome before 37.0.2062.60 and 38.x before 38.0.2125.59 on iOS does not properly restrict processing of (1) facetime:// and (2) facetime-audio:// URLs, which allows remote attackers to obtain video and audio data from a device via a crafted web site. Google Chrome for iOS is prone to an unspecified security vulnerability. \nThe impact of this issue is currently unknown. We will update this BID when more information emerges. \nVersions prior to Google Chrome for iOS 38.0.2125.59 are vulnerable. Google Chrome is a web browser developed by Google (Google). The vulnerability stems from the fact that the program does not correctly handle the restrictions of facetime:// and facetime-audio:// URLs",
"sources": [
{
"db": "NVD",
"id": "CVE-2014-3187"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004573"
},
{
"db": "BID",
"id": "70272"
},
{
"db": "VULHUB",
"id": "VHN-71126"
}
],
"trust": 1.98
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2014-3187",
"trust": 2.8
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004573",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201410-149",
"trust": 0.7
},
{
"db": "BID",
"id": "70272",
"trust": 0.4
},
{
"db": "VULHUB",
"id": "VHN-71126",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71126"
},
{
"db": "BID",
"id": "70272"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004573"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-149"
},
{
"db": "NVD",
"id": "CVE-2014-3187"
}
]
},
"id": "VAR-201410-1227",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-71126"
}
],
"trust": 0.01
},
"last_update_date": "2025-04-13T23:31:37.075000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Google Chrome",
"trust": 0.8,
"url": "https://www.google.com/intl/ja/chrome/browser/features.html"
},
{
"title": "Chrome for iOS Update",
"trust": 0.8,
"url": "http://googlechromereleases.blogspot.jp/2014/10/chrome-for-ios-update.html"
},
{
"title": "Chrome-38.2125.59",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51820"
},
{
"title": "Google Chrome-37.0.2062.60",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=51819"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004573"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-149"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-79",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71126"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004573"
},
{
"db": "NVD",
"id": "CVE-2014-3187"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://googlechromereleases.blogspot.com/2014/10/chrome-for-ios-update.html"
},
{
"trust": 1.7,
"url": "https://code.google.com/p/chromium/issues/detail?id=413831"
},
{
"trust": 1.7,
"url": "http://twitter.com/s9labs/statuses/519576582742999043"
},
{
"trust": 1.7,
"url": "https://medium.com/section-9-lab/abusing-ios-url-handlers-on-messages-96979e8b12f5"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-3187"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-3187"
},
{
"trust": 0.3,
"url": "http://www.google.com/chrome"
},
{
"trust": 0.3,
"url": "http://googlechromereleases.blogspot.in/2014/10/chrome-for-ios-update.html"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-71126"
},
{
"db": "BID",
"id": "70272"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004573"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-149"
},
{
"db": "NVD",
"id": "CVE-2014-3187"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-71126"
},
{
"db": "BID",
"id": "70272"
},
{
"db": "JVNDB",
"id": "JVNDB-2014-004573"
},
{
"db": "CNNVD",
"id": "CNNVD-201410-149"
},
{
"db": "NVD",
"id": "CVE-2014-3187"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-08T00:00:00",
"db": "VULHUB",
"id": "VHN-71126"
},
{
"date": "2014-10-07T00:00:00",
"db": "BID",
"id": "70272"
},
{
"date": "2014-10-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004573"
},
{
"date": "2014-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-149"
},
{
"date": "2014-10-08T10:55:05.987000",
"db": "NVD",
"id": "CVE-2014-3187"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2014-10-08T00:00:00",
"db": "VULHUB",
"id": "VHN-71126"
},
{
"date": "2014-10-07T00:00:00",
"db": "BID",
"id": "70272"
},
{
"date": "2014-10-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2014-004573"
},
{
"date": "2014-10-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201410-149"
},
{
"date": "2025-04-12T10:46:40.837000",
"db": "NVD",
"id": "CVE-2014-3187"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-149"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "iOS Run on Google Chrome Vulnerabilities in obtaining video and audio data from devices",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2014-004573"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "XSS",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201410-149"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…