Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1210

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2015-1210
Last Modified 11 Mar 2015 10:02:19
Published 06 Feb 2015 06:59:08
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-1210

Summary

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Vulnerable Systems

Operating System

  • Apple Mac Os X

  • Linux Kernel

  • Microsoft Windows

Application

  • Google Chrome 40.0.2214.89

  • Google Chrome 40.0.2214.93


References

CONFIRM - https://src.chromium.org/viewvc/blink?revision=189365&view=revision

CONFIRM - https://code.google.com/p/chromium/issues/detail?id=453979

CONFIRM - http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html

CONFIRM - http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html

XF - google-chrome-cve20151210-sec-bypass(100716)

UBUNTU - USN-2495-1

SECTRACK - 1031709

BID - 72497

SECUNIA - 62818

SECUNIA - 62670

REDHAT - RHSA-2015:0163

SECUNIA - 62925

SECUNIA - 62917

GENTOO - GLSA-201502-13

SUSE - openSUSE-SU-2015:0441


Last Updated: 27 May 2016 11:07:48