What is CVE-2014-6041?

CVE-2014-6041 is a vulnerability in Google Android_browser, classified under CWE-264. Published 2014-09-02.

Is CVE-2014-6041 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Google Android_browser

CVE-2014-6041

The Android WebView in Android before 4.4 allows remote attackers to bypass the Same Origin Policy via a crafted attribute containing a \u0000 character, as demonstrated by an onclick="window.open('\u0000javascript: sequence to the Android…

EPSS: 0.776 (99.0th percentile) — read the EPSS interpretation.

Affected products

Google Android_browser — versions 4.2.1
N/a — versions n/a

Weakness classification (CWE)

CWE-264

Public proof-of-concept exploits

References

69548 (vdb-entry, x_refsource_BID)
cve@mitre.org (Exploit, x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_CONFIRM)
cve@mitre.org (x_refsource_MISC)
cve@mitre.org (x_refsource_CONFIRM)
google-android-cve20146041-sec-bypass(95693) (vdb-entry, x_refsource_XF)
cve@mitre.org (x_refsource_MISC)

Frequently asked questions

What is CVE-2014-6041?: CVE-2014-6041 is a vulnerability in Google Android_browser, classified under CWE-264. Published 2014-09-02.
Is CVE-2014-6041 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.