CVE-2015-1266Google Chrome vulnerability

CWE-2547 documents6 sources
Severity
5.0MEDIUMNVD
EPSS
0.9%
top 24.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedJun 26
Latest updateMay 17

Description

content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as demonstrated by use of http://gpu when there is a WebUI class for handling chrome://gpu requests.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDgoogle/chrome43.0.2357.81

🔴Vulnerability Details

3
GHSA
GHSA-r47q-gp6w-mwhx: content/browser/webui/content_web_ui_controller_factory2022-05-17
OSV
oxide-qt vulnerabilities2015-06-30
OSV
CVE-2015-1266: content/browser/webui/content_web_ui_controller_factory2015-06-26

📋Vendor Advisories

2
Ubuntu
Oxide vulnerabilities2015-06-30
Red Hat
chromium-browser: Scheme validation error in WebUI2015-06-22

💬Community

1
Bugzilla
CVE-2015-1266 chromium-browser: Scheme validation error in WebUI2015-06-23