CVE-2015-6779 — Google Chrome vulnerability

CWE-2645 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.6%

top 30.59%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedDec 6

Latest updateMay 17

Description

PDFium, as used in Google Chrome before 47.0.2526.73, does not properly restrict use of chrome: URLs, which allows remote attackers to bypass intended scheme restrictions via a crafted PDF document, as demonstrated by a document with a link to a chrome://settings URL.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDgoogle/chrome46.0.2490.86

🔴Vulnerability Details

GHSA

GHSA-g87j-f4vq-mvgc: PDFium, as used in Google Chrome before 47↗2022-05-17

▶

OSV

CVE-2015-6779: PDFium, as used in Google Chrome before 47↗2015-12-06

▶

📋Vendor Advisories

Red Hat

chromium-browser: Scheme bypass in PDFium↗2015-12-01

▶

💬Community

Bugzilla

CVE-2015-6779 chromium-browser: Scheme bypass in PDFium↗2015-12-02

▶