CVE-2015-1210

Sažetak

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Reference

http://www.securityfocus.com/bid/72497
http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html
http://secunia.com/advisories/62818
http://secunia.com/advisories/62925
http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html
http://security.gentoo.org/glsa/glsa-201502-13.xml
http://secunia.com/advisories/62917
https://code.google.com/p/chromium/issues/detail?id=453979
http://rhn.redhat.com/errata/RHSA-2015-0163.html
http://secunia.com/advisories/62670
http://www.securitytracker.com/id/1031709
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/100716
http://www.ubuntu.com/usn/USN-2495-1
https://src.chromium.org/viewvc/blink?revision=189365&view=revision

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Zadnje važnije ažuriranje

07-11-2023 - 02:24

Objavljeno

06-02-2015 - 11:59