CVE-2015-1293 — Google Chrome vulnerability

CWE-2649 documents6 sources

Severity

7.5HIGHNVD

OSV6.4

EPSS

0.5%

top 34.14%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedSep 3

Latest updateMay 17

Description

The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDgoogle/chrome44.0.2403

🔴Vulnerability Details

GHSA

GHSA-mvm8-97cp-hg4p: The DOM implementation in Blink, as used in Google Chrome before 45↗2022-05-17

▶

OSV

oxide-qt vulnerabilities↗2015-09-08

▶

OSV

CVE-2015-1293: The DOM implementation in Blink, as used in Google Chrome before 45↗2015-09-02

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2015-09-08

▶

Red Hat

chromium-browser: Cross-origin bypass in DOM↗2015-09-01

▶

Red Hat

webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)↗2015-01-26

▶

💬Community

Bugzilla

CVE-2015-1293 chromium-browser: Cross-origin bypass in DOM↗2015-09-02

▶

Bugzilla

CVE-2014-1292 webkitgtk: arbitrary code execution and denial of service via a crafted web site (WSA-2015-0001)↗2015-01-27

▶