CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
EPSS
Percentile
75.5%
The V8ThrowException::createDOMException function in
bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used
in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and
before 40.0.2214.109 on Android, does not properly consider frame access
restrictions during the throwing of an exception, which allows remote
attackers to bypass the Same Origin Policy via a crafted web site.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | chromium-browser | < 40.0.2214.111-0ubuntu0.14.04.1.1069 | UNKNOWN |
ubuntu | 14.10 | noarch | chromium-browser | < 40.0.2214.111-0ubuntu0.14.10.1.1111 | UNKNOWN |
ubuntu | 15.04 | noarch | chromium-browser | < 40.0.2214.111-0ubuntu1.1121 | UNKNOWN |
ubuntu | 15.10 | noarch | chromium-browser | < 40.0.2214.111-0ubuntu1.1121 | UNKNOWN |
ubuntu | 14.04 | noarch | oxide-qt | < 1.4.3-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 14.10 | noarch | oxide-qt | < 1.4.3-0ubuntu0.14.10.1 | UNKNOWN |
ubuntu | 15.04 | noarch | oxide-qt | < 1.5.3-0ubuntu2 | UNKNOWN |
ubuntu | 15.10 | noarch | oxide-qt | < 1.5.3-0ubuntu2 | UNKNOWN |
googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html
googlechromereleases.blogspot.com/2015/02/stable-channel-update.html
code.google.com/p/chromium/issues/detail?id=453979
launchpad.net/bugs/cve/CVE-2015-1210
nvd.nist.gov/vuln/detail/CVE-2015-1210
security-tracker.debian.org/tracker/CVE-2015-1210
src.chromium.org/viewvc/blink?revision=189365&view=revision
ubuntu.com/security/notices/USN-2495-1
www.cve.org/CVERecord?id=CVE-2015-1210