CVE-2015-1241

Google Chrome <42.0.2311.90 - Info Disclosure

Description

Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack.

References (13)

Core References
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0816.html
Issue Tracking, Vendor Advisory x_refsource_confirm
https://codereview.chromium.org/660663002
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://ubuntu.com/usn/usn-2570-1
Issue Tracking, Vendor Advisory x_refsource_confirm
https://codereview.chromium.org/717573004
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3238
Mitigation, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201506-04
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032209
Issue Tracking, Vendor Advisory x_refsource_confirm
https://codereview.chromium.org/868123002
Issue Tracking, Vendor Advisory x_refsource_confirm
https://codereview.chromium.org/628763003
Mitigation, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html
Exploit, Issue Tracking, Vendor Advisory x_refsource_confirm
https://code.google.com/p/chromium/issues/detail?id=418402

Scores

EPSS 0.0283
EPSS Percentile 86.4%

Details

CWE
CWE-1021
Status published
Products (14)
canonical/ubuntu_linux 14.04
canonical/ubuntu_linux 14.10
canonical/ubuntu_linux 15.04
debian/debian_linux 8.0
google/chrome < 42.0.2311.90
opensuse/opensuse 13.1
opensuse/opensuse 13.2
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_eus 6.6
redhat/enterprise_linux_server 6.0
... and 4 more
Published Apr 19, 2015
Tracked Since Feb 18, 2026