NVD

Id
23629  
Name
CVE-2015-1268  
Description
bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value"s DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2015-06-26  
Modified Date
2016-12-30  
Seq
2015-1268  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
125511 23629 CVE-2015-1268 http://googlechromereleases.blogspot.com/2015/06/chrome-stable-update.html  View
125512 23629 CVE-2015-1268 openSUSE-SU-2015:1146  View
125513 23629 CVE-2015-1268 openSUSE-SU-2015:1872  View
125514 23629 CVE-2015-1268 RHSA-2015:1188  View
125515 23629 CVE-2015-1268 DSA-3315  View
125516 23629 CVE-2015-1268 75332  View
125517 23629 CVE-2015-1268 1032731  View
125518 23629 CVE-2015-1268 USN-2652-1  View
125519 23629 CVE-2015-1268 https://code.google.com/p/chromium/issues/detail?id=494640  View
125520 23629 CVE-2015-1268 GLSA-201507-18  View
125521 23629 CVE-2015-1268 https://src.chromium.org/viewvc/blink?revision=196373&view=revision  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
7959 JVNDB-2015-003279 Google Chrome で使用される Blink の bindings/scripts/v8_types.py における同一生成元ポリシーを回避される脆弱性 Google Chrome で使用される Blink の bindings/scripts/v8_types.py は、戻り値の DOM ラッパーに対するコンテキストの作成を適切に選択しないため、同一生成元ポリシーを回避される脆弱性が存在します。 CVE-2015-1268 78493 CVE-2015-1268 23629 5 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-003279.html 2015-06-22 2015-06-29 View