[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248038

 
 

909

 
 

194772

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-1236Date: (C)2015-04-21   (M)2024-02-01


The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 4.3
Exploit Score: 8.6
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE
  
Reference:
-1032209
DSA-3238
GLSA-201506-04
RHSA-2015:0816
USN-2570-1
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html
https://code.google.com/p/chromium/issues/detail?id=313939
https://src.chromium.org/viewvc/blink?revision=189527&view=revision
openSUSE-SU-2015:0748
openSUSE-SU-2015:1887

CPE    5
cpe:/o:debian:debian_linux:8.0
cpe:/a:google:chrome
cpe:/o:canonical:ubuntu_linux:15.04
cpe:/o:canonical:ubuntu_linux:14.04::~~lts~~~
...
CWE    1
CWE-264
OVAL    13
oval:org.secpod.oval:def:505391
oval:org.secpod.oval:def:24218
oval:org.secpod.oval:def:24219
oval:org.secpod.oval:def:24120
...

© SecPod Technologies