CVE-2015-3335 — Google Chrome vulnerability

CWE-2643 documents3 sources

Severity

7.5HIGHNVD

EPSS

2.1%

top 16.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Opensuse

Timeline

PublishedApr 19

Latest updateMay 14

Description

The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_sandbox_linux.cc in Google Chrome before 42.0.2311.90 does not have RLIMIT_AS and RLIMIT_DATA limits for Native Client (aka NaCl) processes, which might make it easier for remote attackers to conduct row-hammer attacks or have unspecified other impact by leveraging the ability to run a crafted program in the NaCl sandbox.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶NVDgoogle/chrome42.0.2311.60

▶NVDopensuse/opensuse13.1, 13.2+1

🔴Vulnerability Details

GHSA

GHSA-4rcp-p5x7-vvjf: The NaClSandbox::InitializeLayerTwoSandbox function in components/nacl/loader/sandbox_linux/nacl_sandbox_linux↗2022-05-14

▶

💬Community

Bugzilla

CVE-2015-5475 CVE-2015-6506 rt: multiple XSS flaws↗2015-08-17

▶