Lucene search

K
cve[email protected]CVE-2015-1297
HistorySep 03, 2015 - 10:59 p.m.

CVE-2015-1297

2015-09-0322:59:00
CWE-254
web.nvd.nist.gov
47
cve-2015-1297
webrequest api
google chrome
security bypass
nvd

8.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.4%

The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request’s source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension.

CPENameOperatorVersion
google:chromegoogle chromele44.0.2403

8.7 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

84.4%

Related for CVE-2015-1297