NVD

Id
23662  
Name
CVE-2015-1302  
Description
The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2015-11-11  
Modified Date
2016-12-07  
Seq
2015-1302  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
125839 23662 CVE-2015-1302 http://googlechromereleases.blogspot.com/2015/11/stable-channel-update.html  View
125840 23662 CVE-2015-1302 openSUSE-SU-2015:2068  View
125841 23662 CVE-2015-1302 openSUSE-SU-2015:2069  View
125842 23662 CVE-2015-1302 DSA-3415  View
125843 23662 CVE-2015-1302 77537  View
125844 23662 CVE-2015-1302 1034132  View
125845 23662 CVE-2015-1302 https://code.google.com/p/chromium/issues/detail?id=520422  View
125846 23662 CVE-2015-1302 https://codereview.chromium.org/1316803003  View
125847 23662 CVE-2015-1302 GLSA-201603-09  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
10558 JVNDB-2015-005878 Google Chrome の PDF Viewer における同一生成元ポリシーを回避される脆弱性 Google Chrome の PDF Viewer は、スクリプティングメッセージおよび API エクスポージャを適切に制限しないため、同一生成元ポリシーを回避される脆弱性が存在します。 CVE-2015-1302 78527 CVE-2015-1302 23662 7.5 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-005878.html 2015-11-10 2015-11-13 View