CVE-2015-1210 — Google Chrome vulnerability

8 documents7 sources

Severity

5.0MEDIUMNVD

OSV7.5

EPSS

0.6%

top 30.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Canonical Ubuntu Linux Opensuse +5 more

Timeline

PublishedFeb 6

Latest updateMay 13

Description

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

▶NVDgoogle/chrome< 40.0.2214.109+1

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

▶NVDredhat/enterprise_linux_workstation6.0

▶NVDopensuse/opensuse13.1, 13.2+1

Also affects: Ubuntu Linux 14.04, 14.10, Enterprise Linux 6.6

🔴Vulnerability Details

GHSA

GHSA-96r3-2685-3jhv: The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException↗2022-05-13

▶

OSV

oxide-qt vulnerabilities↗2015-02-10

▶

OSV

CVE-2015-1210: The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException↗2015-02-06

▶

CVEList

CVE-2015-1210: The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException↗2015-02-06

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2015-02-10

▶

Red Hat

chromium-browser: cross-origin-bypass in V8 bindings↗2015-02-04

▶

💬Community

Bugzilla

CVE-2015-1210 chromium-browser: cross-origin-bypass in V8 bindings↗2015-02-06

▶