Lucene search

K

ChromeCVELIST:CVE-2015-1211

HistoryFeb 06, 2015 - 11:00 a.m.

CVE-2015-1211

2015-02-0611:00:00

Chrome

www.cve.org

7

AI Score

6.1

Confidence

Low

EPSS

0.009

Percentile

83.2%

The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI.

References

googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html

googlechromereleases.blogspot.com/2015/02/stable-channel-update.html

lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html

rhn.redhat.com/errata/RHSA-2015-0163.html

secunia.com/advisories/62670

secunia.com/advisories/62818

secunia.com/advisories/62917

secunia.com/advisories/62925

security.gentoo.org/glsa/glsa-201502-13.xml

www.securityfocus.com/bid/72497

www.securitytracker.com/id/1031709

www.ubuntu.com/usn/USN-2495-1

code.google.com/p/chromium/issues/detail?id=453982

codereview.chromium.org/889323002

exchange.xforce.ibmcloud.com/vulnerabilities/100717

AI Score

6.1

Confidence

Low

EPSS

0.009

Percentile

83.2%

Related for CVELIST:CVE-2015-1211

nvd1 cve1 ubuntucve1 prion1 debiancve1 chrome2 kaspersky1 archlinux1 redhat1 nessus8 openvas7 ubuntu1 freebsd1 mageia1 securityvulns1 suse1 gentoo1 osv2