CVE-2015-1267Google Chrome vulnerability

CWE-2547 documents6 sources
Severity
5.0MEDIUMNVD
EPSS
0.9%
top 23.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedJun 26
Latest updateMay 17

Description

Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that uses a Blink public API, related to WebArrayBufferConverter.cpp, WebBlob.cpp, WebDOMError.cpp, and WebDOMFileSystem.cpp.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

NVDgoogle/chrome43.0.2357.81

🔴Vulnerability Details

3
GHSA
GHSA-3pg9-3f6q-hjf5: Blink, as used in Google Chrome before 432022-05-17
OSV
oxide-qt vulnerabilities2015-06-30
OSV
CVE-2015-1267: Blink, as used in Google Chrome before 432015-06-26

📋Vendor Advisories

2
Ubuntu
Oxide vulnerabilities2015-06-30
Red Hat
chromium-browser: Cross-origin bypass in Blink2015-06-22

💬Community

1
Bugzilla
CVE-2015-1267 chromium-browser: Cross-origin bypass in Blink2015-06-23