CVE-2015-1302 — Improper Input Validation in Google Chrome

CWE-20 — Improper Input Validation CWE-200 — Sensitive Information Exposure7 documents6 sources

Severity

7.5HIGHNVD

EPSS

1.2%

top 20.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Citrix Netscaler ADC Gateway

Timeline

PublishedNov 11

Latest updateMay 14

Description

The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDgoogle/chrome46.0.2490.80

▶citrixcitrix/netscaler_adc_gateway

🔴Vulnerability Details

GHSA

GHSA-5f5g-9jr3-xpmv: The PDF viewer in Google Chrome before 46↗2022-05-14

▶

OSV

CVE-2015-1302: The PDF viewer in Google Chrome before 46↗2015-11-11

▶

📋Vendor Advisories

Citrix

CVE-2015-3642: The TLS and DTLS processing functionality in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway devices with firmware 9.x be↗2017-08-02

▶

Red Hat

chromium-browser: information leak in PDF viewer↗2015-11-10

▶

💬Community

Bugzilla

CVE-2015-1302 chromium-browser: information leak in PDF viewer↗2015-11-11

▶

Bugzilla

CVE-2014-9447 elfutils: directory traversal in read_long_names()↗2015-01-05

▶