CVE-2014-3172

medium

Published 2014-08-27 · Modified 2026-05-06

💬 Discuss on Community ✚ Propose mitigation

CVSS v3

—

CVSS v4 NEW

—

not yet in upstream

VIR risk

6.4

Description

The Debugger extension API in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 37.0.2062.94 does not validate a tab's URL before an attach operation, which allows remote attackers to bypass intended access limitations via an extension that uses a restricted URL, as demonstrated by a chrome:// URL.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or — if you've already worked around this in production — publish your fix to the community-verified tier.

✚ Propose a mitigation on Community → Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

Application impact

Vendor	Product	Versions
google	chrome	`{"endIncluding":"37.0.2062.93"}`
google	chrome	`37.0.2062.0`
google	chrome	`37.0.2062.1`
google	chrome	`37.0.2062.2`
google	chrome	`37.0.2062.3`
google	chrome	`37.0.2062.4`
google	chrome	`37.0.2062.5`
google	chrome	`37.0.2062.6`
google	chrome	`37.0.2062.7`
google	chrome	`37.0.2062.8`
google	chrome	`37.0.2062.9`
google	chrome	`37.0.2062.10`
google	chrome	`37.0.2062.11`
google	chrome	`37.0.2062.12`
google	chrome	`37.0.2062.13`
google	chrome	`37.0.2062.14`
google	chrome	`37.0.2062.15`
google	chrome	`37.0.2062.16`
google	chrome	`37.0.2062.17`
google	chrome	`37.0.2062.18`
google	chrome	`37.0.2062.19`
google	chrome	`37.0.2062.20`
google	chrome	`37.0.2062.21`
google	chrome	`37.0.2062.22`
google	chrome	`37.0.2062.23`
google	chrome	`37.0.2062.24`
google	chrome	`37.0.2062.25`
google	chrome	`37.0.2062.26`
google	chrome	`37.0.2062.27`
google	chrome	`37.0.2062.28`
google	chrome	`37.0.2062.29`
google	chrome	`37.0.2062.30`
google	chrome	`37.0.2062.31`
google	chrome	`37.0.2062.32`
google	chrome	`37.0.2062.33`
google	chrome	`37.0.2062.34`
google	chrome	`37.0.2062.35`
google	chrome	`37.0.2062.36`
google	chrome	`37.0.2062.37`
google	chrome	`37.0.2062.39`
google	chrome	`37.0.2062.43`
google	chrome	`37.0.2062.44`
google	chrome	`37.0.2062.45`
google	chrome	`37.0.2062.46`
google	chrome	`37.0.2062.47`
google	chrome	`37.0.2062.48`
google	chrome	`37.0.2062.49`
google	chrome	`37.0.2062.50`
google	chrome	`37.0.2062.51`
google	chrome	`37.0.2062.52`
google	chrome	`37.0.2062.53`
google	chrome	`37.0.2062.54`
google	chrome	`37.0.2062.55`
google	chrome	`37.0.2062.56`
google	chrome	`37.0.2062.57`
google	chrome	`37.0.2062.58`
google	chrome	`37.0.2062.59`
google	chrome	`37.0.2062.60`
google	chrome	`37.0.2062.61`
google	chrome	`37.0.2062.62`
google	chrome	`37.0.2062.63`
google	chrome	`37.0.2062.64`
google	chrome	`37.0.2062.65`
google	chrome	`37.0.2062.66`
google	chrome	`37.0.2062.67`
google	chrome	`37.0.2062.68`
google	chrome	`37.0.2062.69`
google	chrome	`37.0.2062.70`
google	chrome	`37.0.2062.71`
google	chrome	`37.0.2062.72`
google	chrome	`37.0.2062.73`
google	chrome	`37.0.2062.74`
google	chrome	`37.0.2062.75`
google	chrome	`37.0.2062.76`
google	chrome	`37.0.2062.77`
google	chrome	`37.0.2062.78`
google	chrome	`37.0.2062.80`
google	chrome	`37.0.2062.81`
google	chrome	`37.0.2062.89`
google	chrome	`37.0.2062.90`
google	chrome	`37.0.2062.91`
google	chrome	`37.0.2062.92`

References

CWEs

CWE-264

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.