[Forgot Password]
Login  Register Subscribe

30430

 
 

423868

 
 

247768

 
 

909

 
 

194555

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-1304Date: (C)2015-10-14   (M)2023-12-22


object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
  
Reference:
-1033683
-76844
DSA-3376
GLSA-201603-09
RHSA-2015:1841
USN-2757-1
http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html
https://chromium.googlesource.com/v8/v8/+/9b0fb52b57021473aa813f3fb99ad7384a8b86f1
https://code.google.com/p/chromium/issues/detail?id=531891
openSUSE-SU-2015:1719
openSUSE-SU-2015:1876

CPE    1
cpe:/a:google:chrome
CWE    1
CWE-284
OVAL    12
oval:org.secpod.oval:def:505488
oval:org.secpod.oval:def:30133
oval:org.secpod.oval:def:30151
oval:org.secpod.oval:def:30149
...

© SecPod Technologies