Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveChromeCVE-2015-1285
HistoryJul 23, 2015 - 12:59 a.m.

CVE-2015-1285

2015-07-2300:59:14
CWE-200
Chrome
web.nvd.nist.gov
64
cve-2015-1285
xssauditor
blink
google chrome
information security
remote attack

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

8.4

Confidence

High

EPSS

0.004

Percentile

72.7%

JSON

The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack.

Affected configurations

Nvd
Node
redhatenterprise_linux_desktop_supplementaryMatch6.0
OR
redhatenterprise_linux_server_supplementaryMatch6.0
OR
redhatenterprise_linux_server_supplementary_eusMatch6.7z
OR
redhatenterprise_linux_workstation_supplementaryMatch6.0
Node
debiandebian_linuxMatch8.0
Node
opensuseopensuseMatch13.1
OR
opensuseopensuseMatch13.2
Node
googlechromeRange43.0.2357.134
VendorProductVersionCPE
redhatenterprise_linux_desktop_supplementary6.0cpe:2.3:o:redhat:enterprise_linux_desktop_supplementary:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_server_supplementary6.0cpe:2.3:o:redhat:enterprise_linux_server_supplementary:6.0:*:*:*:*:*:*:*
redhatenterprise_linux_server_supplementary_eus6.7zcpe:2.3:o:redhat:enterprise_linux_server_supplementary_eus:6.7z:*:*:*:*:*:*:*
redhatenterprise_linux_workstation_supplementary6.0cpe:2.3:o:redhat:enterprise_linux_workstation_supplementary:6.0:*:*:*:*:*:*:*
debiandebian_linux8.0cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
opensuseopensuse13.1cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
opensuseopensuse13.2cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
googlechrome*cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Related

debiancve 1
cvelist 1
nvd 1
ubuntucve 1
prion 1
nessus 9
openvas 9
ubuntu 1
mageia 1
archlinux 1
redhat 1
freebsd 1
threatpost 1
kaspersky 1
chrome 1
suse 1
securityvulns 2
debian 2
osv 3
gentoo 1
debiancve
debiancve
CVE-2015-1285
2015-07-23 00:59:00
cvelist
cvelist
CVE-2015-1285
2015-07-23 00:00:00
nvd
nvd
CVE-2015-1285
2015-07-23 00:59:14
ubuntucve
ubuntucve
CVE-2015-1285
2015-07-22 00:00:00
prion
prion
Information disclosure
2015-07-23 00:59:00
nessus
nessus
Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2677-1)
2015-08-05 00:00:00
RHEL 6 : chromium-browser (RHSA-2015:1499)
2015-07-28 00:00:00
Google Chrome < 44.0.2403.89 Multiple Vulnerabilities
2015-09-08 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-2677-1)
2015-08-05 00:00:00
Mageia: Security Advisory (MGASA-2015-0288)
2015-10-15 00:00:00
Google Chrome Multiple Vulnerabilities-01 (Jul 2015) - Windows
2015-07-23 00:00:00
ubuntu
ubuntu
Oxide vulnerabilities
2015-08-04 00:00:00
mageia
mageia
Updated chromium-browser package fixes security vulnerabilities
2015-07-27 20:45:18
archlinux
archlinux
chromium: multiple issues
2015-07-23 00:00:00
redhat
redhat
(RHSA-2015:1499) Important: chromium-browser security update
2015-07-27 00:00:00
freebsd
freebsd
chromium -- multiple vulnerabilities
2015-07-21 00:00:00
threatpost
threatpost
Google Patches 43 Bugs in Chrome
2015-07-22 09:23:06
kaspersky
kaspersky
KLA10636 Multiple vulnerabilities in Google Chrome
2015-07-21 00:00:00
chrome
chrome
Stable Channel Update
2015-07-21 00:00:00
suse
suse
Security update for Chromium (important)
2015-07-26 21:08:24
securityvulns
securityvulns
Google Chrome / Chromium multiple security vulnerabilities
2015-07-26 00:00:00
[SECURITY] [DSA 3315-1] chromium-browser security update
2015-07-26 00:00:00
debian
debian
[SECURITY] [DSA 3315-1] chromium-browser security update
2015-07-24 12:29:48
[SECURITY] [DSA 3315-1] chromium-browser security update
2015-07-24 12:29:48
osv
osv
chromium-browser - security update
2015-07-23 00:00:00
chromedriver-55.0.2883.75-3.1 on GA media
2024-06-15 00:00:00
ungoogled-chromium-113.0.5672.92-1.1 on GA media
2024-06-15 00:00:00
gentoo
gentoo
Chromium: Multiple vulnerabilities
2016-03-12 00:00:00

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

8.4

Confidence

High

EPSS

0.004

Percentile

72.7%

JSON
Related for CVE-2015-1285
debiancve1cvelist1nvd1ubuntucve1prion1nessus9openvas9ubuntu1mageia1archlinux1redhat1freebsd1threatpost1kaspersky1chrome1suse1securityvulns2debian2osv3gentoo1