[email protected]CVE-2015-1303

HistoryOct 12, 2015 - 1:59 a.m.

CVE-2015-1303

2015-10-1201:59:00

CWE-20

[email protected]

web.nvd.nist.gov

cve

blink

google chrome

same origin policy

cross-context exception

security vulnerability

nvd

8.5 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.8%

JSON

bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element.

CPENameOperatorVersion
google:chromegoogle chromele45.0.2454.93

CPE	Name	Operator	Version
google:chrome	google chrome	le	45.0.2454.93

References

googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html

lists.opensuse.org/opensuse-security-announce/2015-10/msg00008.html

lists.opensuse.org/opensuse-security-announce/2015-11/msg00002.html

rhn.redhat.com/errata/RHSA-2015-1841.html

www.debian.org/security/2015/dsa-3376

www.securityfocus.com/bid/76844

www.securitytracker.com/id/1033683

www.ubuntu.com/usn/USN-2757-1

code.google.com/p/chromium/issues/detail?id=530301

codereview.chromium.org/1339023002

security.gentoo.org/glsa/201603-09

8.5 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.013 Low

EPSS

Percentile

85.8%

JSON

Related for CVE-2015-1303

ubuntucve1 debiancve1 prion1 seebug1 securityvulns4 archlinux1 openvas9 kaspersky1 nessus9 suse2 mageia1 freebsd1 ubuntu1 chrome1 redhat1 debian2 osv1 gentoo1