| Name | CVE-2014-1716 |
| Description | Cross-site scripting (XSS) vulnerability in the Runtime_SetPrototype function in runtime.cc in Google V8, as used in Google Chrome before 34.0.1847.116, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)." |
| Source | CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more) |
| References | DSA-2905-1 |
| Debian Bugs | 773671 |
The information below is based on the following data on fixed versions.
| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| chromium-browser | source | squeeze | (unfixed) | end-of-life | ||
| chromium-browser | source | wheezy | 34.0.1847.116-1~deb7u1 | DSA-2905-1 | ||
| chromium-browser | source | (unstable) | 34.0.1847.116-1 | |||
| libv8 | source | squeeze | (unfixed) | end-of-life | ||
| libv8 | source | (unstable) | (unfixed) | |||
| libv8-3.14 | source | (unstable) | (unfixed) | unimportant | 773671 |
[wheezy] - libv8 <no-dsa> (Minor issue, Chromium in Wheezy uses its own fixed copy)
[squeeze] - libv8 <end-of-life> (Unsupported in squeeze-lts)
libv8 not covered by security support