Lucene search

[email protected]CVE-2015-1304

HistoryOct 12, 2015 - 1:59 a.m.

CVE-2015-1304

2015-10-1201:59:00

CWE-284

[email protected]

web.nvd.nist.gov

cve-2015-1304

google v8

google chrome

same origin policy

remote attack

8.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.2%

JSON

object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.

CPENameOperatorVersion
google:chromegoogle chromele45.0.2454.93

CPE	Name	Operator	Version
google:chrome	google chrome	le	45.0.2454.93

References

googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html

lists.opensuse.org/opensuse-security-announce/2015-10/msg00008.html

lists.opensuse.org/opensuse-security-announce/2015-11/msg00002.html

rhn.redhat.com/errata/RHSA-2015-1841.html

www.debian.org/security/2015/dsa-3376

www.securityfocus.com/bid/76844

www.securitytracker.com/id/1033683

www.ubuntu.com/usn/USN-2757-1

chromium.googlesource.com/v8/v8/+/9b0fb52b57021473aa813f3fb99ad7384a8b86f1

code.google.com/p/chromium/issues/detail?id=531891

security.gentoo.org/glsa/201603-09

8.8 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.014 Low

EPSS

Percentile

86.2%

JSON

Related for CVE-2015-1304

ubuntucve1 prion1 debiancve1 seebug1 securityvulns4 archlinux1 openvas9 nessus9 chrome1 redhat1 kaspersky1 suse2 freebsd1 mageia1 ubuntu1 debian2 osv1 gentoo1