CVE-2015-1303 — Improper Input Validation in Google Chrome

CWE-20 — Improper Input Validation CWE-284 — Improper Access Control CWE-122 — Heap-based Buffer Overflow9 documents6 sources

Severity

7.5HIGHNVD

EPSS

1.3%

top 20.60%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedOct 12

Latest updateMay 17

Description

bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDgoogle/chrome45.0.2454.93

🔴Vulnerability Details

GHSA

GHSA-67j3-3gmx-23jq: bindings/core/v8/V8DOMWrapper↗2022-05-17

▶

OSV

oxide-qt vulnerabilities↗2015-10-05

▶

OSV

CVE-2015-1303: bindings/core/v8/V8DOMWrapper↗2015-09-29

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2015-10-05

▶

Red Hat

chromium-browser: Cross-origin bypass in DOM↗2015-09-24

▶

Red Hat

webkitgtk: heap-based buffer overflow (WSA-2015-0001)↗2015-01-26

▶

💬Community

Bugzilla

CVE-2015-1303 chromium-browser: Cross-origin bypass in DOM↗2015-09-25

▶

Bugzilla

CVE-2014-1303 webkitgtk: heap-based buffer overflow (WSA-2015-0001)↗2015-01-27

▶