Lucene search

[email protected]CVE-2015-1226

HistoryMar 09, 2015 - 12:59 a.m.

CVE-2015-1226

2015-03-0900:59:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2015-1226

debuggerfunction

initagenthost

google chrome

access restrictions

crafted extension

5.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.0%

JSON

The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension.

CPENameOperatorVersion
google:chromegoogle chromele40.0.2214.115

CPE	Name	Operator	Version
google:chrome	google chrome	le	40.0.2214.115

References

googlechromereleases.blogspot.com/2015/03/stable-channel-update.html

rhn.redhat.com/errata/RHSA-2015-0627.html

www.securityfocus.com/bid/72901

code.google.com/p/chromium/issues/detail?id=456841

codereview.chromium.org/910053002

security.gentoo.org/glsa/201503-12

5.8 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

74.0%

JSON

Related for CVE-2015-1226

debiancve1 prion1 ubuntucve1 redhat1 openvas6 mageia1 kaspersky1 threatpost1 nessus7 suse1 gentoo1 freebsd1 archlinux1 chrome1