Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2015-1302

Published: 11/11/2015 Updated: 07/11/2023
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Chrome

Vulnerability Summary

The PDF viewer in Google Chrome prior to 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote malicious users to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc.

Vulnerable Product Search on Vulmon Subscribe to Product

google chrome

Vendor Advisories

Debian Security Advisories: DSA-3415-1 chromium-browser -- security update
Several vulnerabilities have been discovered in the chromium web browser CVE-2015-1302 Rub Wu discovered an information leak in the pdfium library CVE-2015-6764 Guang Gong discovered an out-of-bounds read issue in the v8 javascript library CVE-2015-6765 A use-after-free issue was discovered in AppCache CVE-2015-6766 A use-a ...
Red Hat: CVE-2015-1302
The PDF viewer in Google Chrome before 460249086 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdfjs and out_of_process_instancecc ...

References

CWE-20http://lists.opensuse.org/opensuse-updates/2015-11/msg00121.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1841.htmlhttps://code.google.com/p/chromium/issues/detail?id=520422http://lists.opensuse.org/opensuse-updates/2015-11/msg00120.htmlhttps://codereview.chromium.org/1316803003http://www.securitytracker.com/id/1034132https://security.gentoo.org/glsa/201603-09http://googlechromereleases.blogspot.com/2015/11/stable-channel-update.htmlhttp://www.debian.org/security/2015/dsa-3415http://www.securityfocus.com/bid/77537https://nvd.nist.govhttps://www.debian.org/security/./dsa-3415https://access.redhat.com/security/cve/cve-2015-1302
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-30924CVE-2024-3400overflowCVE-2024-23528CVE-2024-21338CVE-2024-3818CVE-2024-23535NULL pointer dereferenceelevation of privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook