CVE-2015-3336Google Chrome vulnerability

CWE-2643 documents3 sources
Severity
4.3MEDIUMNVD
EPSS
0.9%
top 24.41%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Google ChromeDebian LinuxOpensuse
Timeline
PublishedApr 19
Latest updateMay 14

Description

Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing JavaScript code with requestFullScreen and requestPointerLock calls, and arranging for the user to access this document with a file: URL.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

NVDgoogle/chrome42.0.2311.60
NVDopensuse/opensuse13.1, 13.2+1

Also affects: Debian Linux 8.0

🔴Vulnerability Details

2
GHSA
GHSA-hcrp-vfg2-x96p: Google Chrome before 422022-05-14
OSV
CVE-2015-3336: Google Chrome before 422015-04-19