[email protected]CVE-2015-1304

HistoryOct 12, 2015 - 1:59 a.m.

CVE-2015-1304

2015-10-1201:59:17

CWE-284

[email protected]

web.nvd.nist.gov

cve-2015-1304

google v8

google chrome

same origin policy

remote attack

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.4%

JSON

object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.

Affected configurations

NVD

Node

googlechromeRange≤45.0.2454.93

CPENameOperatorVersion
google:chromegoogle chromele45.0.2454.93

CPE	Name	Operator	Version
google:chrome	google chrome	le	45.0.2454.93

References

googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html

lists.opensuse.org/opensuse-security-announce/2015-10/msg00008.html

lists.opensuse.org/opensuse-security-announce/2015-11/msg00002.html

rhn.redhat.com/errata/RHSA-2015-1841.html

www.debian.org/security/2015/dsa-3376

www.securityfocus.com/bid/76844

www.securitytracker.com/id/1033683

www.ubuntu.com/usn/USN-2757-1

chromium.googlesource.com/v8/v8/+/9b0fb52b57021473aa813f3fb99ad7384a8b86f1

code.google.com/p/chromium/issues/detail?id=531891

security.gentoo.org/glsa/201603-09

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

High

0.014 Low

EPSS

Percentile

86.4%

JSON

Related for CVE-2015-1304

cvelist1 nvd1 ubuntucve1 debiancve1 seebug1 prion1 archlinux1 securityvulns4 openvas9 nessus9 chrome1 redhat1 suse2 ubuntu1 freebsd1 mageia1 kaspersky1 osv1 debian2 gentoo1