5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.004 Low
EPSS
Percentile
72.1%
android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in
Google Chrome before 43.0.2357.65 on Android does not properly restrict use
of a URL’s fragment identifier during construction of a page-info popup,
which allows remote attackers to spoof the URL bar or deliver misleading
popup content via crafted text.
googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html
code.google.com/p/chromium/issues/detail?id=466351
codereview.chromium.org/1011383005
codereview.chromium.org/1056743002
codereview.chromium.org/1077483002
launchpad.net/bugs/cve/CVE-2015-1261
nvd.nist.gov/vuln/detail/CVE-2015-1261
security-tracker.debian.org/tracker/CVE-2015-1261
www.cve.org/CVERecord?id=CVE-2015-1261