Vulnerability Description
Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chrome | <= 41.0.2272.102 | |
| Apple | Macos | All versions |
| Linux | Linux Kernel | All versions |
| Microsoft | Windows | All versions |
Related Weaknesses (CWE)
References
- http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00004.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html
- http://rhn.redhat.com/errata/RHSA-2015-0778.html
- http://www.securityfocus.com/bid/73484
- http://www.securitytracker.com/id/1032012
- http://www.ubuntu.com/usn/USN-2556-1
- https://code.google.com/p/chromium/issues/detail?id=469058
- https://security.gentoo.org/glsa/201506-04
- http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00004.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html
- http://rhn.redhat.com/errata/RHSA-2015-0778.html
- http://www.securityfocus.com/bid/73484
- http://www.securitytracker.com/id/1032012
FAQ
What is CVE-2015-1233?
CVE-2015-1233 is a vulnerability with a CVSS score of 7.5 (HIGH). Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors.
How severe is CVE-2015-1233?
CVE-2015-1233 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-1233?
Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome, Apple Macos, Linux Linux Kernel, Microsoft Windows.