5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
76.6%
The FrameFetchContext::updateTimingInfoForIFrameNavigation function in
core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before
45.0.2454.85, does not properly restrict the availability of IFRAME
Resource Timing API times, which allows remote attackers to obtain
sensitive information via crafted JavaScript code that leverages a
history.back call.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | chromium-browser | < 45.0.2454.85-0ubuntu0.14.04.1.1097 | UNKNOWN |
ubuntu | 15.04 | noarch | chromium-browser | < 45.0.2454.85-0ubuntu0.15.04.1.1181 | UNKNOWN |
ubuntu | 15.10 | noarch | chromium-browser | < 45.0.2454.85-0ubuntu1.1198 | UNKNOWN |
ubuntu | 14.04 | noarch | oxide-qt | < 1.9.1-0ubuntu0.14.04.2 | UNKNOWN |
ubuntu | 15.04 | noarch | oxide-qt | < 1.9.1-0ubuntu0.15.04.1 | UNKNOWN |
ubuntu | 15.10 | noarch | oxide-qt | < 1.9.1-0ubuntu1 | UNKNOWN |