CVE-2015-3334Google Chrome vulnerability

CWE-173 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.5%
top 33.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Google ChromeDebian LinuxOpensuse
Timeline
PublishedApr 19
Latest updateMay 14

Description

browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive video data from a device's physical environment via a crafted web site that turns on the camera at a time when the user believes that camera access is prohibited.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDgoogle/chrome42.0.2311.60
NVDopensuse/opensuse13.1, 13.2+1

Also affects: Debian Linux 7.0, 8.0

🔴Vulnerability Details

2
GHSA
GHSA-4cj2-rcrx-wjh3: browser/ui/website_settings/website_settings2022-05-14
OSV
CVE-2015-3334: browser/ui/website_settings/website_settings2015-04-19