CVE-2015-1210

Published: Feb 6, 2015Modified: May 6, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Affected (11)

Products: Google: Chrome · Canonical: Ubuntu Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Workstation · +1 more

Show all products

Google: Chrome · Canonical: Ubuntu Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Workstation · Opensuse: Opensuse

1 product

1 product

5 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Workstation

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Before 40.0.2214.109

Configuration B

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Google Chrome	Before 40.0.2214.111

Running on/with	Platform Versions
Apple Macos	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 14.10

Configuration D

5 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Eus	Version 6.6
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server Aus	Version 6.6
Redhat Enterprise Linux Workstation	Version 6.0

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.1
Opensuse Opensuse	Version 13.2

References (30)

http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html

Source: chrome-cve-admin@google.com

http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html

Source: chrome-cve-admin@google.com

http://rhn.redhat.com/errata/RHSA-2015-0163.html

Source: chrome-cve-admin@google.com

http://secunia.com/advisories/62670

Source: chrome-cve-admin@google.com

http://secunia.com/advisories/62818

Source: chrome-cve-admin@google.com

http://secunia.com/advisories/62917

Source: chrome-cve-admin@google.com

http://secunia.com/advisories/62925

Source: chrome-cve-admin@google.com

http://security.gentoo.org/glsa/glsa-201502-13.xml

Source: chrome-cve-admin@google.com

http://www.securityfocus.com/bid/72497

Source: chrome-cve-admin@google.com

http://www.securitytracker.com/id/1031709

Source: chrome-cve-admin@google.com

http://www.ubuntu.com/usn/USN-2495-1

Source: chrome-cve-admin@google.com

https://code.google.com/p/chromium/issues/detail?id=453979

Source: chrome-cve-admin@google.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/100716

Source: chrome-cve-admin@google.com

https://src.chromium.org/viewvc/blink?revision=189365&view=revision

Source: chrome-cve-admin@google.com

http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2015-0163.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/62670

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/62818

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/62917

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/62925

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-201502-13.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/72497

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1031709

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2495-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://code.google.com/p/chromium/issues/detail?id=453979

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/100716

Source: af854a3a-2127-422b-91ae-364da2661108

https://src.chromium.org/viewvc/blink?revision=189365&view=revision

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.