Published: 06/12/2015 Updated: 07/11/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

The DOM implementation in Blink, as used in Google Chrome prior to 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote malicious users to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with a plugin.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google chrome

Synopsis Critical: chromium-browser security update Type/Severity Security Advisory: Critical Topic Updated chromium-browser packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 6 SupplementaryRed Hat Product Security has rated this update as having Critical securityimpa ...

Several security issues were fixed in Oxide ...

Several vulnerabilities have been discovered in the chromium web browser CVE-2015-1302 Rub Wu discovered an information leak in the pdfium library CVE-2015-6764 Guang Gong discovered an out-of-bounds read issue in the v8 javascript library CVE-2015-6765 A use-after-free issue was discovered in AppCache CVE-2015-6766 A use-a ...

The DOM implementation in Blink, as used in Google Chrome before 470252673, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with a plugin ...

CWE-264 http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html http://www.ubuntu.com/usn/USN-2825-1 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html https://codereview.chromium.org/1444183003/https://security.gentoo.org/glsa/201603-09 https://code.google.com/p/chromium/issues/detail?id=546545 http://www.securityfocus.com/bid/78416 http://www.debian.org/security/2015/dsa-3415 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://www.securitytracker.com/id/1034298 https://access.redhat.com/errata/RHSA-2015:2545 https://usn.ubuntu.com/2825-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2015-6772

CVE-2015-6772

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect