NVD

Id
23664  
Name
CVE-2015-1304  
Description
object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.  
Reject
 
CVSS Version
2  
CVSS Score
7.5  
Severity
High  
CVSS Base Score
7.5  
CVSS Impact Subscore
6.4  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:P/A:P)  
Pub Date
2017-01-19  
Published
2015-10-11  
Modified Date
2016-12-23  
Seq
2015-1304  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
125859 23664 CVE-2015-1304 http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html  View
125860 23664 CVE-2015-1304 openSUSE-SU-2015:1719  View
125861 23664 CVE-2015-1304 openSUSE-SU-2015:1876  View
125862 23664 CVE-2015-1304 RHSA-2015:1841  View
125863 23664 CVE-2015-1304 DSA-3376  View
125864 23664 CVE-2015-1304 76844  View
125865 23664 CVE-2015-1304 1033683  View
125866 23664 CVE-2015-1304 USN-2757-1  View
125867 23664 CVE-2015-1304 https://chromium.googlesource.com/v8/v8/+/9b0fb52b57021473aa813f3fb99ad7384a8b86f1  View
125868 23664 CVE-2015-1304 https://code.google.com/p/chromium/issues/detail?id=531891  View
125869 23664 CVE-2015-1304 GLSA-201603-09  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
9868 JVNDB-2015-005188 Google Chrome で使用される Google V8 の object-observe.js における同一生成元ポリシーを回避される脆弱性 Google Chrome で使用される Google V8 の object-observe.js は、アクセスチェック済みのオブジェクト上でメソッド呼び出しを適切に制限しないため、同一生成元ポリシーを回避される脆弱性が存在します。 CVE-2015-1304 78529 CVE-2015-1304 23664 7.5 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-005188.html 2015-09-24 2015-10-14 View