CVE-2015-1248 — Cross-Site Request Forgery in Google Chrome

CWE-264 CWE-352 — Cross-Site Request Forgery5 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.6%

top 31.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Debian Linux

Timeline

PublishedApr 19

Latest updateMay 17

Description

The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDgoogle/chrome40.0.2214.85

Also affects: Debian Linux 7.0

🔴Vulnerability Details

GHSA

GHSA-prgf-rqp7-pmqx: The FileSystem API in Google Chrome before 40↗2022-05-17

▶

OSV

CVE-2015-1248: The FileSystem API in Google Chrome before 40↗2015-04-19

▶

📋Vendor Advisories

Red Hat

chromium-browser: SafeBrowsing bypass↗2015-04-14

▶

💬Community

Bugzilla

CVE-2015-1248 chromium-browser: SafeBrowsing bypass↗2015-04-15

▶