Lucene search

PRIOn knowledge basePRION:CVE-2015-1236

HistoryApr 19, 2015 - 10:59 a.m.

Design/Logic Flaw

2015-04-1910:59:00

PRIOn knowledge base

www.prio-n.com

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

77.4%

JSON

The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.

CPENameOperatorVersion
ubuntu_linuxeq14.10
ubuntu_linuxeq14.04
ubuntu_linuxeq15.04
debian_linuxeq8.0
chromele42.0.2311.60

Name	Operator	Version
ubuntu_linux	eq	14.10
ubuntu_linux	eq	14.04
ubuntu_linux	eq	15.04
debian_linux	eq	8.0
chrome	le	42.0.2311.60

References

lists.opensuse.org/opensuse-updates/2015-04/msg00040.html

lists.opensuse.org/opensuse-updates/2015-11/msg00024.html

rhn.redhat.com/errata/RHSA-2015-0816.html

ubuntu.com/usn/usn-2570-1

www.debian.org/security/2015/dsa-3238

www.securitytracker.com/id/1032209

code.google.com/p/chromium/issues/detail?id=313939

googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html

security.gentoo.org/glsa/201506-04

src.chromium.org/viewvc/blink?revision=189527&view=revision

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

77.4%

JSON

Related for PRION:CVE-2015-1236