CVE-2015-1261

EPSS 1.06%
Veröffentlicht 20.05.2015 10:59:13
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle chrome-cve-admin@google.com
Teams Watchlist Login
Unerledigt Login

android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading popup content via crafted text.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 13

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Debian ≫ Debian Linux Version8.0

Google ≫ Chrome SwPlatformandroid Version <= 42.0.2311.107

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.06%	0.767

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html

http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html

http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html

http://www.debian.org/security/2015/dsa-3267

http://www.securityfocus.com/bid/74723

http://www.securitytracker.com/id/1032375

https://code.google.com/p/chromium/issues/detail?id=466351

https://codereview.chromium.org/1011383005

https://codereview.chromium.org/1056743002

https://codereview.chromium.org/1077483002

https://nvd.nist.gov/vuln/detail/CVE-2015-1261

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-1261

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-1261

EUVD