Vulnerability Description
core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | 8.0 |
| Chrome | <= 42.0.2311.152 |
Related Weaknesses (CWE)
References
- http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html
- http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html
- http://www.debian.org/security/2015/dsa-3267
- http://www.securityfocus.com/bid/74723
- http://www.securitytracker.com/id/1032375
- https://code.google.com/p/chromium/issues/detail?id=444927
- https://security.gentoo.org/glsa/201506-04
- https://src.chromium.org/viewvc/blink?revision=192658&view=revision
- http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html
- http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html
- http://www.debian.org/security/2015/dsa-3267
- http://www.securityfocus.com/bid/74723
- http://www.securitytracker.com/id/1032375
FAQ
What is CVE-2015-1254?
CVE-2015-1254 is a vulnerability with a CVSS score of 5.0 (MEDIUM). core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by lev...
How severe is CVE-2015-1254?
CVE-2015-1254 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-1254?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Google Chrome.