Universal XSS (UXSS) vulnerability in Blink's GenerateFunction function in Google Chrome before 33.0.1750.149

Universal XSS (UXSS) vulnerability in Blink's GenerateFunction function in Google Chrome before 33.0.1750.149

CVE-2014-1701 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS (UXSS) attacks via vectors involving events.

Learn more about our Cis Benchmark Audit For Bind.