Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1226

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2015-1226
Last Modified 11 Mar 2015 10:02:35
Published 08 Mar 2015 08:59:19
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-1226

Summary

The DebuggerFunction::InitAgentHost function in browser/extensions/api/debugger/debugger_api.cc in Google Chrome before 41.0.2272.76 does not properly restrict what URLs are available as debugger targets, which allows remote attackers to bypass intended access restrictions via a crafted extension.

Vulnerable Systems

Application

  • Google Chrome 40.0.2214.115


References

CONFIRM - https://codereview.chromium.org/910053002

CONFIRM - https://code.google.com/p/chromium/issues/detail?id=456841

CONFIRM - http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html

BID - 72901

REDHAT - RHSA-2015:0627


Last Updated: 27 May 2016 11:08:00