It was discovered that in certain circumstances Unity failed to successfully grab the keyboard when switching to the lock screen. A local attacker could possibly use this issue to run commands, and unlock the current session.
Ubuntu Security Notice: http://www.ubuntu.com/usn/usn-2303-1/
After upgrading to Unity version 7.2.2+14.04.20140714-0ubuntu1 on Trusty, the lockscreen sometimes fails to take the keyboard focus away from Chrome. This might happen if there’s a text selection in Chrome, and also when resuming after suspend.
It doesn’t always happen, as this is a race condition, but it’s easy to reproduce by selecting the location bar in Chrome and then locking the screen.
Launchpad Bug Tracker: https://bugs.launchpad.net/ubuntu/+source/unity/+bug/1349128/