CVE-2015-6772 — Google Chrome vulnerability

CWE-2647 documents6 sources

Severity

7.5HIGHNVD

OSV10.0

EPSS

1.2%

top 20.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedDec 6

Latest updateMay 17

Description

The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with a plugin.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDgoogle/chrome46.0.2490.86

🔴Vulnerability Details

GHSA

GHSA-j4qx-5rrm-wm6c: The DOM implementation in Blink, as used in Google Chrome before 47↗2022-05-17

▶

OSV

oxide-qt vulnerabilities↗2015-12-10

▶

OSV

CVE-2015-6772: The DOM implementation in Blink, as used in Google Chrome before 47↗2015-12-05

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2015-12-10

▶

Red Hat

chromium-browser: Cross-origin bypass in DOM↗2015-12-01

▶

💬Community

Bugzilla

CVE-2015-6772 chromium-browser: Cross-origin bypass in DOM↗2015-12-02

▶