Vulnerability Description
The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chrome | < 40.0.2214.109 | |
| Apple | Macos | - |
| Linux | Linux Kernel | - |
| Microsoft | Windows | - |
| Canonical | Ubuntu Linux | 14.04 |
| Redhat | Enterprise Linux Desktop | 6.0 |
| Redhat | Enterprise Linux Eus | 6.6 |
| Redhat | Enterprise Linux Server | 6.0 |
| Redhat | Enterprise Linux Server Aus | 6.6 |
| Redhat | Enterprise Linux Workstation | 6.0 |
| Opensuse | Opensuse | 13.1 |
References
- http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html
- http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html
- http://rhn.redhat.com/errata/RHSA-2015-0163.html
- http://secunia.com/advisories/62670
- http://secunia.com/advisories/62818
- http://secunia.com/advisories/62917
- http://secunia.com/advisories/62925
- http://security.gentoo.org/glsa/glsa-201502-13.xml
- http://www.securityfocus.com/bid/72497
- http://www.securitytracker.com/id/1031709
- http://www.ubuntu.com/usn/USN-2495-1
- https://code.google.com/p/chromium/issues/detail?id=453979
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100716
- https://src.chromium.org/viewvc/blink?revision=189365&view=revision
FAQ
What is CVE-2015-1210?
CVE-2015-1210 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and be...
How severe is CVE-2015-1210?
CVE-2015-1210 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-1210?
Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Apple Macos, Linux Linux Kernel, Microsoft Windows, Canonical Ubuntu Linux.