CVE-2015-1300

2015-09-0200:00:00

ubuntu.com

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

76.6%

JSON

The FrameFetchContext::updateTimingInfoForIFrameNavigation function in
core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before
45.0.2454.85, does not properly restrict the availability of IFRAME
Resource Timing API times, which allows remote attackers to obtain
sensitive information via crafted JavaScript code that leverages a
history.back call.

OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchchromium-browser< 45.0.2454.85-0ubuntu0.14.04.1.1097UNKNOWN
ubuntu15.04noarchchromium-browser< 45.0.2454.85-0ubuntu0.15.04.1.1181UNKNOWN
ubuntu15.10noarchchromium-browser< 45.0.2454.85-0ubuntu1.1198UNKNOWN
ubuntu14.04noarchoxide-qt< 1.9.1-0ubuntu0.14.04.2UNKNOWN
ubuntu15.04noarchoxide-qt< 1.9.1-0ubuntu0.15.04.1UNKNOWN
ubuntu15.10noarchoxide-qt< 1.9.1-0ubuntu1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	14.04	noarch	chromium-browser	< 45.0.2454.85-0ubuntu0.14.04.1.1097	UNKNOWN
ubuntu	15.04	noarch	chromium-browser	< 45.0.2454.85-0ubuntu0.15.04.1.1181	UNKNOWN
ubuntu	15.10	noarch	chromium-browser	< 45.0.2454.85-0ubuntu1.1198	UNKNOWN
ubuntu	14.04	noarch	oxide-qt	< 1.9.1-0ubuntu0.14.04.2	UNKNOWN
ubuntu	15.04	noarch	oxide-qt	< 1.9.1-0ubuntu0.15.04.1	UNKNOWN
ubuntu	15.10	noarch	oxide-qt	< 1.9.1-0ubuntu1	UNKNOWN