Insufficiently Large Integer Data Type Vulnerability in Google Chrome

Insufficiently Large Integer Data Type Vulnerability in Google Chrome

CVE-2014-1746 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The InMemoryUrlProtocol::Read function in media/filters/in_memory_url_protocol.cc in Google Chrome before 35.0.1916.114 relies on an insufficiently large integer data type, which allows remote attackers to cause a denial of service (out-of-bounds read) via vectors that trigger use of a large buffer.

Learn more about our Cis Benchmark Audit For Google Chrome.