CVE-2015-1210
Last modified
CVE-2015-1210 is a vulnerability of currently unknown severity. The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.. EPSS estimates a 1.98% chance of exploitation in the next 30 days.
Description
The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Chrome | < 40.0.2214.109 | |
| Chrome | < 40.0.2214.111 | |
| Canonical | Ubuntu Linux | 14.04 |
| Canonical | Ubuntu Linux | 14.10 |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Eus | 6.6 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Server Aus | 6.6 |
| Redhat | Enterprise Linux Workstation | 6.0 |
| Opensuse | Opensuse | 13.1 |
| Opensuse | Opensuse | 13.2 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-1210?
How severe is CVE-2015-1210?
How do I fix CVE-2015-1210?
Are you affected by CVE-2015-1210?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST