CVE-2015-1290 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Google Chrome

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

8.8HIGHNVD

EPSS

1.8%

top 17.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome QT Opensuse Leap

Timeline

PublishedJan 9

Latest updateMay 14

Description

The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

▶NVDgoogle/chrome< 44.0.2403.89

▶NVDqt/qt< 5.5.1

▶NVDopensuse/leap42.1

🔴Vulnerability Details

GHSA

GHSA-94wc-qfg4-73pw: The Google V8 engine, as used in Google Chrome before 44↗2022-05-14

▶

OSV

CVE-2015-1290: The Google V8 engine, as used in Google Chrome before 44↗2018-01-09

▶

📋Vendor Advisories

Red Hat

webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)↗2015-01-26

▶

💬Community

Bugzilla

CVE-2014-1292 webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)↗2015-01-27

▶