CVE-2015-6759 — Sensitive Information Exposure in Google Chrome

CWE-200 — Sensitive Information Exposure8 documents6 sources

Severity

5.0MEDIUMNVD

OSV7.5

EPSS

0.8%

top 25.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedOct 15

Latest updateMay 17

Description

The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin.cpp in Blink, as used in Google Chrome before 46.0.2490.71, does not ensure that the origin of a LocalStorage resource is considered unique, which allows remote attackers to obtain sensitive information via vectors involving a blob: URL.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDgoogle/chrome45.0.2454.101

🔴Vulnerability Details

GHSA

GHSA-7qvm-pj8m-x4wc: The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin↗2022-05-17

▶

OSV

oxide-qt vulnerabilities↗2015-10-20

▶

OSV

CVE-2015-6759: The shouldTreatAsUniqueOrigin function in platform/weborigin/SecurityOrigin↗2015-10-15

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2015-10-22

▶

Ubuntu

Oxide vulnerabilities↗2015-10-20

▶

Red Hat

chromium-browser: Information leakage in LocalStorage↗2015-10-13

▶

💬Community

Bugzilla

CVE-2015-6759 chromium-browser: Information leakage in LocalStorage↗2015-10-14

▶