Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-2239

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2015-2239
Last Modified 09 Mar 2015 12:04:37
Published 08 Mar 2015 08:59:29
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2015-2239

Summary

Google Chrome before 41.0.2272.76, when Instant Extended mode is used, does not properly consider the interaction between the "1993 search" features and restore-from-disk RELOAD transitions, which makes it easier for remote attackers to spoof the address bar for a search-results page by leveraging (1) a compromised search engine or (2) an XSS vulnerability in a search engine, a different vulnerability than CVE-2015-1231.

Vulnerable Systems

Application

  • Google Chrome 40.0.2214.115


References

CONFIRM - https://code.google.com/p/chromium/issues/detail?id=463349

CONFIRM - https://code.google.com/p/chromium/issues/detail?id=256724

CONFIRM - http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html


Last Updated: 27 May 2016 11:08:00