CVE-2015-1236

2015-04-1910:59:00

CWE-264

[email protected]

web.nvd.nist.gov

cve-2015-1236

mediaelementaudiosourcenode

blink

same origin policy

google chrome

web audio api

nvd

security vulnerability

5.7 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

77.7%

JSON

The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.

CPENameOperatorVersion
google:chromegoogle chromele42.0.2311.60
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.10
canonical:ubuntu_linuxcanonical ubuntu linuxeq14.04
canonical:ubuntu_linuxcanonical ubuntu linuxeq15.04
debian:debian_linuxdebian debian linuxeq8.0

CPE	Name	Operator	Version
google:chrome	google chrome	le	42.0.2311.60
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.10
canonical:ubuntu_linux	canonical ubuntu linux	eq	14.04
canonical:ubuntu_linux	canonical ubuntu linux	eq	15.04
debian:debian_linux	debian debian linux	eq	8.0