CVE-2015-6755: Insufficient Verification of Data Authenticity in Google Chrome

Severity
7.5 HIGH (NVD)
EPSS
1.0%
top 22.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 15
Latest update: May 17

Description

The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code.

CVSS vector

AV:N/AC:L/C:P/I:P/A:P | Exploitability: 10.0 | Impact: 6.4

Affected Packages (1 package)

NVD | google/chrome | 45.0.2454.101

🔴 Vulnerability Details (3)

GHSA
GHSA-qgj6-v74v-wpqp: The ContainerNode::parserInsertBefore function in core/dom/ContainerNode (2022-05-17)
OSV
oxide-qt vulnerabilities (2015-10-20)
OSV
CVE-2015-6755: The ContainerNode::parserInsertBefore function in core/dom/ContainerNode (2015-10-15)

💥 Exploits & PoCs (1)

Exploit-DB
AIX 7.1 - 'lquerylv' Local Privilege Escalation (2015-10-30)

📋 Vendor Advisories (3)

Ubuntu
Oxide vulnerabilities (2015-10-22)
Ubuntu
Oxide vulnerabilities (2015-10-20)
Red Hat
chromium-browser: cross-origin bypass in Blink (2015-10-13)

💬 Community (1)

Bugzilla
CVE-2015-6755 chromium-browser: cross-origin bypass in Blink (2015-10-14)