4.3

CVE-2015-1241

Exploit

Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GoogleChrome Version < 42.0.2311.90
DebianDebian Linux Version8.0
CanonicalUbuntu Linux Version14.04 SwEditionesm
CanonicalUbuntu Linux Version14.10
CanonicalUbuntu Linux Version15.04
OpensuseOpensuse Version13.1
OpensuseOpensuse Version13.2
SuseLinux Enterprise Version12.0
RedhatEnterprise Linux Eus Version6.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.19% 0.838
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
CWE-1021 Improper Restriction of Rendered UI Layers or Frames

The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.

http://www.securitytracker.com/id/1032209
Third Party Advisory
Broken Link
VDB Entry
http://ubuntu.com/usn/usn-2570-1
Third Party Advisory
https://code.google.com/p/chromium/issues/detail?id=418402
Vendor Advisory
Exploit
Issue Tracking
https://codereview.chromium.org/628763003
Vendor Advisory
Issue Tracking
https://codereview.chromium.org/660663002
Vendor Advisory
Issue Tracking
https://codereview.chromium.org/717573004
Vendor Advisory
Issue Tracking
https://codereview.chromium.org/868123002
Vendor Advisory
Issue Tracking