Bug 900653 (CVE-2014-3201) - VUL-0: CVE-2014-3201: chromium: allows remote attackers to spoof content via a crafted web site that interferes with the scrollbar.
Status: RESOLVED INVALID
Alias: CVE-2014-3201
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents
Version: unspecified
Hardware: Other openSUSE 13.1
Importance: P5 - None : Normal
Target Milestone: ---
Assignee: Forgotten User sM9JzehKpy
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/109051/
Reported: 2014-10-10 14:21 UTC by Victor Pereira
Modified: 2014-10-10 14:26 UTC
Found By: Security Response Team
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---
Description Victor Pereira 2014-10-10 14:21:37 UTC
CVE-2014-3201

core/rendering/compositing/RenderLayerCompositor.cpp in Blink, as used in Google
Chrome before 38.0.2125.102 on Android, does not properly handle a certain
IFRAME overflow condition, which allows remote attackers to spoof content via a
crafted web site that interferes with the scrollbar.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3201
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3201
https://src.chromium.org/viewvc/blink?revision=182021&view=revision
https://crbug.com/406593
http://googlechromereleases.blogspot.com/2014/10/chrome-for-android-update.html
Comment 1 Forgotten User sM9JzehKpy 2014-10-10 14:26:36 UTC
Since when do we consider openSUSE to be Android?? This CVE only reflects a situation that happens on Android and is not related to any Linux version.