Chrome Security Vulnerabilities and Issues — Chrome CVE List

Lucene search

GoogleChrome

4 matches found

CVE•added 2015/06/26 2:59 p.m.•74 views

CVE-2015-1269

The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string t...

4.3CVSS8.8AI score0.00924EPSS

CVE•added 2015/06/26 2:59 p.m.•73 views

CVE-2015-1267

Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that uses a Blink public API, related to WebArrayBufferConverter.cpp, We...

5CVSS8.9AI score0.00931EPSS

CVE•added 2015/06/26 2:59 p.m.•70 views

CVE-2015-1266

content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as dem...

5CVSS8.9AI score0.00911EPSS

CVE•added 2015/06/26 2:59 p.m.•65 views

CVE-2015-1268

bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL.

5CVSS8.9AI score0.00833EPSS