Published: 03/09/2015 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome prior to 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote malicious users to obtain sensitive information via crafted JavaScript code that leverages a history.back call.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google chrome

Several security issues were fixed in Oxide ...

CWE-254 http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html http://rhn.redhat.com/errata/RHSA-2015-1712.html http://www.securitytracker.com/id/1033472 http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html https://github.com/w3c/resource-timing/issues/29 https://src.chromium.org/viewvc/blink?revision=199553&view=revision http://www.debian.org/security/2015/dsa-3351 https://security.gentoo.org/glsa/201603-09 https://code.google.com/p/chromium/issues/detail?id=511616 https://usn.ubuntu.com/2735-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2015-1300

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect