New Search

Vulnerability in Blink as used in Google Chrome before 40.0.2214.111 (CVE-2015-1210)

oval:org.cisecurity:def:7835

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink as used in Google Chrome before 40.0.2214.111 on Windows OS X and Linux and before 40.0.2214.109 on Android does not properly consider frame access restrictions during the throwing of an exception which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows Server 2008
  • Microsoft Windows Server 2012
  • Microsoft Windows 8.1
  • Microsoft Windows 7
  • Microsoft Windows 8
  • Microsoft Windows Vista
  • Microsoft Windows Server 2016
  • Microsoft Windows 10
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2008 R2
  • Microsoft Windows XP
  • Microsoft Windows Server 2012 R2
Class:
vulnerability
Reference(s):
  • CVE-2015-1210
  • stable-channel-update
Product(s):
  • Google Chrome