CVE-2015-1211

Published: Feb 6, 2015Modified: May 6, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI.

Affected (11)

Products: Google: Chrome · Canonical: Ubuntu Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Workstation · +1 more

Show all products

Google: Chrome · Canonical: Ubuntu Linux · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Workstation · Opensuse: Opensuse

1 product

1 product

5 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Workstation

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Before 40.0.2214.109

Configuration B

1 vulnerable · 3 platform

Vulnerable Software	Affected Versions
Google Chrome	Before 40.0.2214.111

Running on/with	Platform Versions
Apple Macos	All versions
Linux Linux Kernel	All versions
Microsoft Windows	All versions

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 14.04
Canonical Ubuntu Linux	Version 14.10

Configuration D

5 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Eus	Version 6.6
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server Aus	Version 6.6
Redhat Enterprise Linux Workstation	Version 6.0

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 13.1
Opensuse Opensuse	Version 13.2

References (30)

http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html

Source: chrome-cve-admin@google.com

http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html

Source: chrome-cve-admin@google.com

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html

Source: chrome-cve-admin@google.com

http://rhn.redhat.com/errata/RHSA-2015-0163.html

Source: chrome-cve-admin@google.com

http://secunia.com/advisories/62670

Source: chrome-cve-admin@google.com

http://secunia.com/advisories/62818

Source: chrome-cve-admin@google.com

http://secunia.com/advisories/62917

Source: chrome-cve-admin@google.com

http://secunia.com/advisories/62925

Source: chrome-cve-admin@google.com

http://security.gentoo.org/glsa/glsa-201502-13.xml

Source: chrome-cve-admin@google.com

http://www.securityfocus.com/bid/72497

Source: chrome-cve-admin@google.com

http://www.securitytracker.com/id/1031709

Source: chrome-cve-admin@google.com

http://www.ubuntu.com/usn/USN-2495-1

Source: chrome-cve-admin@google.com

https://code.google.com/p/chromium/issues/detail?id=453982

Source: chrome-cve-admin@google.com

https://codereview.chromium.org/889323002

Source: chrome-cve-admin@google.com

https://exchange.xforce.ibmcloud.com/vulnerabilities/100717

Source: chrome-cve-admin@google.com

http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2015-0163.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/62670

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/62818

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/62917

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/62925

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-201502-13.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/72497

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1031709

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-2495-1

Source: af854a3a-2127-422b-91ae-364da2661108

https://code.google.com/p/chromium/issues/detail?id=453982

Source: af854a3a-2127-422b-91ae-364da2661108

https://codereview.chromium.org/889323002

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/100717

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.