Detections
Analytics

CVE-2015-1210

high

Description

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

References

https://src.chromium.org/viewvc/blink?revision=189365&view=revision

https://exchange.xforce.ibmcloud.com/vulnerabilities/100716

https://code.google.com/p/chromium/issues/detail?id=453979

http://www.ubuntu.com/usn/USN-2495-1

http://www.securitytracker.com/id/1031709

http://www.securityfocus.com/bid/72497

http://security.gentoo.org/glsa/glsa-201502-13.xml

http://secunia.com/advisories/62925

http://secunia.com/advisories/62917

http://secunia.com/advisories/62818

http://secunia.com/advisories/62670

http://rhn.redhat.com/errata/RHSA-2015-0163.html

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html

http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html

http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html

Details

Source: Mitre, NVD

Published: 2015-02-06

Updated: 2023-11-07

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Severity: High