CVE-2015-1284

CWE-20Improper Input ValidationCWE-416Use After Free7 documents7 sources
Severity
7.5HIGH
EPSS
1.2%
top 20.90%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Google ChromeOpensuse OpensuseRedhat Enterprise Linux Desktop Supplementary+2 more
Timeline
PublishedJul 23
Latest updateMay 14

Description

The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages6 packages

NVDgoogle/chrome43.0.2357.134
Ubuntuoxide-qt< 1.8.4-0ubuntu0.14.04.2
Ubuntuchromium-browser< 44.0.2403.89-0ubuntu0.14.04.1.1095
NVDopensuse/opensuse13.1, 13.2+1

Also affects: Enterprise Linux 6.0, 6.7.z

🔴Vulnerability Details

3
GHSA
GHSA-4xmj-f3x2-prmp: The LocalFrame::isURLAllowed function in core/frame/LocalFrame2022-05-14
CVEList
CVE-2015-1284: The LocalFrame::isURLAllowed function in core/frame/LocalFrame2015-07-23
OSV
CVE-2015-1284: The LocalFrame::isURLAllowed function in core/frame/LocalFrame2015-07-22

📋Vendor Advisories

2
Ubuntu
Oxide vulnerabilities2015-08-04
Red Hat
chromium-browser: Use-after-free in blink.2015-07-21

💬Community

1
Bugzilla
CVE-2015-1284 chromium-browser: Use-after-free in blink.2015-07-22
CVE-2015-1284 (HIGH CVSS 7.5) | The LocalFrame::isURLAllowed functi | cvebase.io