CVE-2015-6769 — Google Chrome vulnerability

CWE-2647 documents6 sources

Severity

7.5HIGHNVD

OSV10.0

EPSS

1.2%

top 20.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedDec 6

Latest updateMay 17

Description

The provisional-load commit implementation in WebKit/Source/bindings/core/v8/WindowProxy.cpp in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy by leveraging a delay in window proxy clearing.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDgoogle/chrome46.0.2490.86

🔴Vulnerability Details

GHSA

GHSA-33xw-9hr7-47v7: The provisional-load commit implementation in WebKit/Source/bindings/core/v8/WindowProxy↗2022-05-17

▶

OSV

oxide-qt vulnerabilities↗2015-12-10

▶

OSV

CVE-2015-6769: The provisional-load commit implementation in WebKit/Source/bindings/core/v8/WindowProxy↗2015-12-05

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2015-12-10

▶

Red Hat

chromium-browser: Cross-origin bypass in core↗2015-12-01

▶

💬Community

Bugzilla

CVE-2015-6769 chromium-browser: Cross-origin bypass in core↗2015-12-02

▶