CVE-2015-1303

EPSS 1.26%
Veröffentlicht 12.10.2015 01:59:15
Zuletzt bearbeitet 12.04.2025 10:46:40
Quelle chrome-cve-admin@google.com
CVE-Watchlists
Login
Unerledigt
Login

bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Google ≫ Chrome Version <= 45.0.2454.93

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.26%	0.785

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

https://security.gentoo.org/glsa/201603-09

http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html

http://lists.opensuse.org/opensuse-security-announce/2015-10/msg00008.html

http://lists.opensuse.org/opensuse-security-announce/2015-11/msg00002.html

http://rhn.redhat.com/errata/RHSA-2015-1841.html

http://www.debian.org/security/2015/dsa-3376

http://www.securityfocus.com/bid/76844

http://www.securitytracker.com/id/1033683

http://www.ubuntu.com/usn/USN-2757-1

https://code.google.com/p/chromium/issues/detail?id=530301

https://codereview.chromium.org/1339023002

https://nvd.nist.gov/vuln/detail/CVE-2015-1303

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-1303

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-1303

EUVD