CVE-2015-1253Improper Access Control in Google Chrome

CWE-284Improper Access Control7 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.9%
top 23.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Google ChromeDebian Linux
Timeline
PublishedMay 20
Latest updateMay 17

Description

core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDgoogle/chrome42.0.2311.152

Also affects: Debian Linux 8.0

🔴Vulnerability Details

3
GHSA
GHSA-65r9-74hc-qwqr: core/html/parser/HTMLConstructionSite2022-05-17
OSV
oxide-qt vulnerabilities2015-05-21
OSV
CVE-2015-1253: core/html/parser/HTMLConstructionSite2015-05-20

📋Vendor Advisories

2
Ubuntu
Oxide vulnerabilities2015-05-21
Red Hat
chromium-browser: Cross-origin bypass in DOM.2015-05-19

💬Community

1
Bugzilla
CVE-2015-1253 chromium-browser: Cross-origin bypass in DOM.2015-05-20
CVE-2015-1253 — Improper Access Control in Google | cvebase