CVE-2015-1211 — Google Chrome vulnerability

8 documents7 sources

Severity

7.5HIGHNVD

EPSS

0.8%

top 26.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Canonical Ubuntu Linux Opensuse +5 more

Timeline

PublishedFeb 6

Latest updateMay 13

Description

The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages5 packages

▶NVDgoogle/chrome< 40.0.2214.109+1

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

▶NVDredhat/enterprise_linux_workstation6.0

▶NVDopensuse/opensuse13.1, 13.2+1

Also affects: Ubuntu Linux 14.04, 14.10, Enterprise Linux 6.6

🔴Vulnerability Details

GHSA

GHSA-3c6g-x8mc-8hqx: The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host↗2022-05-13

▶

OSV

oxide-qt vulnerabilities↗2015-02-10

▶

OSV

CVE-2015-1211: The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host↗2015-02-06

▶

CVEList

CVE-2015-1211: The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host↗2015-02-06

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2015-02-10

▶

Red Hat

chromium-browser: privilege escalation in service workers↗2015-02-04

▶

💬Community

Bugzilla

CVE-2015-1211 chromium-browser: privilege escalation in service workers↗2015-02-06

▶