CVE-2015-1302

The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://googlechromereleases.blogspot.com/2015/11/stable-channel-update.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00120.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00121.html
http://rhn.redhat.com/errata/RHSA-2015-1841.html
http://www.debian.org/security/2015/dsa-3415
http://www.securityfocus.com/bid/77537
http://www.securitytracker.com/id/1034132
https://code.google.com/p/chromium/issues/detail?id=520422
https://codereview.chromium.org/1316803003
https://security.gentoo.org/glsa/201603-09

Configurations

Configuration 1 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

History

07 Nov 2023, 02:24

Type	Values Removed	Values Added
References	~~(GENTOO) https://security.gentoo.org/glsa/201603-09 -~~	() https://security.gentoo.org/glsa/201603-09 -
References	~~(CONFIRM) https://code.google.com/p/chromium/issues/detail?id=520422 -~~	() https://code.google.com/p/chromium/issues/detail?id=520422 -
References	~~(DEBIAN) http://www.debian.org/security/2015/dsa-3415 -~~	() http://www.debian.org/security/2015/dsa-3415 -
References	~~(CONFIRM) http://googlechromereleases.blogspot.com/2015/11/stable-channel-update.html - Vendor Advisory~~	() http://googlechromereleases.blogspot.com/2015/11/stable-channel-update.html -
References	~~(BID) http://www.securityfocus.com/bid/77537 -~~	() http://www.securityfocus.com/bid/77537 -
References	~~(REDHAT) http://rhn.redhat.com/errata/RHSA-2015-1841.html -~~	() http://rhn.redhat.com/errata/RHSA-2015-1841.html -
References	~~(SUSE) http://lists.opensuse.org/opensuse-updates/2015-11/msg00121.html -~~	() http://lists.opensuse.org/opensuse-updates/2015-11/msg00121.html -
References	~~(SECTRACK) http://www.securitytracker.com/id/1034132 -~~	() http://www.securitytracker.com/id/1034132 -
References	~~(CONFIRM) https://codereview.chromium.org/1316803003 -~~	() https://codereview.chromium.org/1316803003 -
References	~~(SUSE) http://lists.opensuse.org/opensuse-updates/2015-11/msg00120.html -~~	() http://lists.opensuse.org/opensuse-updates/2015-11/msg00120.html -

Information

Published : 2015-11-11 11:59

Updated : 2024-02-28 15:21

NVD link : CVE-2015-1302

Mitre link : CVE-2015-1302

CVE.ORG link : CVE-2015-1302

JSON object : View

Products Affected

google

chrome

CWE

CWE-20

Improper Input Validation

7.5 /10