Description
The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
References (15)
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/62818
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/62925
Release Notes, Vendor Advisory (x_refsource_confirm): http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html
Third Party Advisory (vendor-advisory, x_refsource_gentoo): http://security.gentoo.org/glsa/glsa-201502-13.xml
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/62917
Issue Tracking (x_refsource_confirm): https://code.google.com/p/chromium/issues/detail?id=453979
Vendor Advisory (vendor-advisory, x_refsource_redhat): http://rhn.redhat.com/errata/RHSA-2015-0163.html
Third Party Advisory (third-party-advisory, x_refsource_secunia): http://secunia.com/advisories/62670
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_sectrack): http://www.securitytracker.com/id/1031709
Mailing List (vendor-advisory, x_refsource_suse): http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_xf): https://exchange.xforce.ibmcloud.com/vulnerabilities/100716
Vendor Advisory (vendor-advisory, x_refsource_ubuntu): http://www.ubuntu.com/usn/USN-2495-1
Patch (x_refsource_confirm): https://src.chromium.org/viewvc/blink?revision=189365&view=revision
Release Notes, Vendor Advisory (x_refsource_confirm): http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/72497
Scores
EPSS: 0.0061
EPSS Percentile: 70.0%
Details
Status: published
Products (11)
canonical/ubuntu_linux: 14.04
canonical/ubuntu_linux: 14.10
google/chrome: < 40.0.2214.109
google/chrome: < 40.0.2214.111
opensuse/opensuse: 13.1
opensuse/opensuse: 13.2
redhat/enterprise_linux_desktop: 6.0
redhat/enterprise_linux_eus: 6.6
redhat/enterprise_linux_server: 6.0
redhat/enterprise_linux_server_aus: 6.6
... and 1 more
Published: Feb 06, 2015
Tracked Since: Feb 18, 2026