CVE-2008-5915

Name: CVE-2008-5915
Creator: NVD / NIST
Published: 2009-01-20T16:30:00.407+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.23%

Last modified Jun 16, 2026

CVE-2008-5915 is a vulnerability of currently unknown severity. An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.. EPSS estimates a 1.23% chance of exploitation in the next 30 days.

Description

An unspecified function in the JavaScript implementation in Google Chrome creates and exposes a "temporary footprint" when there is a current login to a web site, which makes it easier for remote attackers to trick a user into acting upon a spoofed pop-up message, aka an "in-session phishing attack." NOTE: as of 20090116, the only disclosure is a vague pre-advisory with no actionable information. However, because it is from a well-known researcher, it is being assigned a CVE identifier for tracking purposes.

Metrics

EPSS Probability

1.23%

65.2th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

Vendor	Product	Versions
Google	Chrome	All versions

References

http://arstechnica.com/news.ars/post/20090113-new-method-of-phishmongering-could-fool-experienced-users.htmlThird Party Advisory
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212900161Third Party Advisory
http://www.infoworld.com/article/09/01/13/Browser_bug_could_allow_phishing_without_email_1.htmlBroken Link
http://www.securityfocus.com/bid/33276Third Party Advisory, VDB Entry
http://www.trusteer.com/files/In-session-phishing-advisory-2.pdfThird Party Advisory
http://arstechnica.com/news.ars/post/20090113-new-method-of-phishmongering-could-fool-experienced-users.htmlThird Party Advisory
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=212900161Third Party Advisory
http://www.infoworld.com/article/09/01/13/Browser_bug_could_allow_phishing_without_email_1.htmlBroken Link
http://www.securityfocus.com/bid/33276Third Party Advisory, VDB Entry
http://www.trusteer.com/files/In-session-phishing-advisory-2.pdfThird Party Advisory

Timeline

Published: Jan 20, 2009
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2008-5915?

How severe is CVE-2008-5915?

Severity scoring for CVE-2008-5915 is pending analysis. The EPSS model estimates a 1.23% probability of exploitation in the next 30 days.

How do I fix CVE-2008-5915?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2008-5915?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST