CVE-2015-1241
Last modified
CVE-2015-1241 is a vulnerability of currently unknown severity. Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack.. EPSS estimates a 2.22% chance of exploitation in the next 30 days.
Description
Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Chrome | < 42.0.2311.90 | |
| Debian | Debian Linux | 8.0 |
| Canonical | Ubuntu Linux | 14.04 |
| Canonical | Ubuntu Linux | 14.10 |
| Canonical | Ubuntu Linux | 15.04 |
| Opensuse | Opensuse | 13.1 |
| Opensuse | Opensuse | 13.2 |
| Suse | Linux Enterprise | 12.0 |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Eus | 6.6 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Server Aus | 6.6 |
| Redhat | Enterprise Linux Server Eus | 6.6 |
| Redhat | Enterprise Linux Workstation | 6.0 |
References
- http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.htmlMitigation, Third Party Advisory
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.htmlMitigation, Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0816.htmlThird Party Advisory
- http://ubuntu.com/usn/usn-2570-1Third Party Advisory
- http://www.debian.org/security/2015/dsa-3238Third Party Advisory
- http://www.securitytracker.com/id/1032209Broken Link, Third Party Advisory, VDB Entry
- https://code.google.com/p/chromium/issues/detail?id=418402Exploit, Issue Tracking, Vendor Advisory
- https://codereview.chromium.org/628763003Issue Tracking, Vendor Advisory
- https://codereview.chromium.org/660663002Issue Tracking, Vendor Advisory
- https://codereview.chromium.org/717573004Issue Tracking, Vendor Advisory
- https://codereview.chromium.org/868123002Issue Tracking, Vendor Advisory
- https://security.gentoo.org/glsa/201506-04Third Party Advisory
- http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.htmlMitigation, Third Party Advisory
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.htmlMitigation, Third Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-0816.htmlThird Party Advisory
- http://ubuntu.com/usn/usn-2570-1Third Party Advisory
- http://www.debian.org/security/2015/dsa-3238Third Party Advisory
- http://www.securitytracker.com/id/1032209Broken Link, Third Party Advisory, VDB Entry
- https://code.google.com/p/chromium/issues/detail?id=418402Exploit, Issue Tracking, Vendor Advisory
- https://codereview.chromium.org/628763003Issue Tracking, Vendor Advisory
- https://codereview.chromium.org/660663002Issue Tracking, Vendor Advisory
- https://codereview.chromium.org/717573004Issue Tracking, Vendor Advisory
- https://codereview.chromium.org/868123002Issue Tracking, Vendor Advisory
- https://security.gentoo.org/glsa/201506-04Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2015-1241?
How severe is CVE-2015-1241?
How do I fix CVE-2015-1241?
Are you affected by CVE-2015-1241?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST