CVE-2015-1268 — Google Chrome vulnerability

CWE-2547 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

0.8%

top 25.39%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedJun 26

Latest updateMay 17

Description

bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDgoogle/chrome43.0.2357.81

🔴Vulnerability Details

GHSA

GHSA-9h4w-j8f9-g7pr: bindings/scripts/v8_types↗2022-05-17

▶

OSV

oxide-qt vulnerabilities↗2015-06-30

▶

OSV

CVE-2015-1268: bindings/scripts/v8_types↗2015-06-26

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2015-06-30

▶

Red Hat

chromium-browser: Cross-origin bypass in Blink↗2015-06-22

▶

💬Community

Bugzilla

CVE-2015-1268 chromium-browser: Cross-origin bypass in Blink↗2015-06-23

▶