Lucene search

ChromeCVE-2015-1210

HistoryFeb 06, 2015 - 11:59 a.m.

CVE-2015-1210

2015-02-0611:59:08

Chrome

web.nvd.nist.gov

cve

2015

1210

blink

same origin policy

security

chrome

vulnerability

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

AI Score

Confidence

Low

EPSS

0.005

Percentile

75.5%

JSON

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Affected configurations

Nvd

Node

googlechromeRange<40.0.2214.109android

Node

googlechromeRange<40.0.2214.111

AND

applemacosMatch-

linuxlinux_kernelMatch-

microsoftwindowsMatch-

Node

canonicalubuntu_linuxMatch14.04esm

canonicalubuntu_linuxMatch14.10

Node

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_eusMatch6.6

redhatenterprise_linux_serverMatch6.0

redhatenterprise_linux_server_ausMatch6.6

redhatenterprise_linux_workstationMatch6.0

Node

opensuseopensuseMatch13.1

opensuseopensuseMatch13.2

VendorProductVersionCPE
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:android:*:*
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
applemacos-cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
linuxlinux_kernel-cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
canonicalubuntu_linux14.04cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
canonicalubuntu_linux14.10cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
redhatenterprise_linux_desktop6.0cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_eus6.6cpe:2.3:o:redhat:enterprise_linux_eus:6.6:*:*:*:*:*:*:*
redhatenterprise_linux_server6.0cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
google	chrome	*	cpe:2.3:a:google:chrome::::::android::*
google	chrome	*	cpe:2.3:a:google:chrome::::::::
apple	macos	-	cpe:2.3:o:apple:macos:-:::::::*
linux	linux_kernel	-	cpe:2.3:o:linux:linux_kernel:-:::::::*
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
canonical	ubuntu_linux	14.04	cpe:2.3:o:canonical:ubuntu_linux:14.04::::esm:::
canonical	ubuntu_linux	14.10	cpe:2.3:o:canonical:ubuntu_linux:14.10:::::::*
redhat	enterprise_linux_desktop	6.0	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
redhat	enterprise_linux_eus	6.6	cpe:2.3:o:redhat:enterprise_linux_eus:6.6:::::::*
redhat	enterprise_linux_server	6.0	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*