7.5

CVE-2015-1211

The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome SwPlatformandroid Version < 40.0.2214.109
GoogleChrome Version < 40.0.2214.111
   ApplemacOS Version-
   LinuxLinux Kernel Version-
   MicrosoftWindows Version-
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version14.10
RedhatEnterprise Linux Eus Version6.6
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.15% 0.797
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html
http://security.gentoo.org/glsa/glsa-201502-13.xml
http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html
http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html
http://rhn.redhat.com/errata/RHSA-2015-0163.html
http://secunia.com/advisories/62670
http://secunia.com/advisories/62818
http://secunia.com/advisories/62917
http://secunia.com/advisories/62925
http://www.securityfocus.com/bid/72497
http://www.securitytracker.com/id/1031709
http://www.ubuntu.com/usn/USN-2495-1
https://code.google.com/p/chromium/issues/detail?id=453982
https://codereview.chromium.org/889323002
https://exchange.xforce.ibmcloud.com/vulnerabilities/100717