CVE-2015-6788 — Type Confusion in Google Chrome

CWE-843 — Type Confusion5 documents5 sources

Severity

10.0CRITICALNVD

EPSS

3.2%

top 13.02%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedDec 14

Latest updateMay 17

Description

The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler.cc in the extensions subsystem in Google Chrome before 47.0.2526.80 improperly implements handler functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDgoogle/chrome47.0.2526.73

🔴Vulnerability Details

GHSA

GHSA-fhhh-fjpg-ww94: The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler↗2022-05-17

▶

OSV

CVE-2015-6788: The ObjectBackedNativeHandler class in extensions/renderer/object_backed_native_handler↗2015-12-14

▶

📋Vendor Advisories

Red Hat

chromium-browser: Type confusion in extensions↗2015-12-08

▶

💬Community

Bugzilla

CVE-2015-6788 chromium-browser: Type confusion in extensions↗2015-12-09

▶