CVE-2015-1210
First published: Fri Feb 06 2015(Updated: )
The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.
Credit: cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome | <40.0.2214.109 | |
| Google Chrome | <40.0.2214.111 | |
| macOS | ||
| Linux Kernel | ||
| Microsoft Windows Operating System | ||
| Ubuntu | =14.04 | |
| Ubuntu | =14.10 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Server EUS | =6.6 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Server | =6.6 | |
| Red Hat Enterprise Linux Workstation | =6.0 | |
| openSUSE | =13.1 | |
| openSUSE | =13.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html
- http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html
- http://rhn.redhat.com/errata/RHSA-2015-0163.html
- http://secunia.com/advisories/62670
- http://secunia.com/advisories/62818
- http://secunia.com/advisories/62917
- http://secunia.com/advisories/62925
- http://security.gentoo.org/glsa/glsa-201502-13.xml
- http://www.securityfocus.com/bid/72497
- http://www.securitytracker.com/id/1031709
- http://www.ubuntu.com/usn/USN-2495-1
- https://code.google.com/p/chromium/issues/detail?id=453979
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100716
- https://src.chromium.org/viewvc/blink?revision=189365&view=revision
Frequently Asked Questions
What is the severity of CVE-2015-1210?
CVE-2015-1210 is classified as a high severity vulnerability impacting multiple versions of Google Chrome.
How do I fix CVE-2015-1210?
To fix CVE-2015-1210, update Google Chrome to version 40.0.2214.111 or newer on Windows and OS X, or version 40.0.2214.109 or newer on Android.
What are the affected versions related to CVE-2015-1210?
CVE-2015-1210 affects Google Chrome versions prior to 40.0.2214.111 on desktop and 40.0.2214.109 on Android.
Does CVE-2015-1210 affect Linux distributions?
CVE-2015-1210 can affect specific versions of Google Chrome running on Linux, specifically those before 40.0.2214.111.
Who is impacted by CVE-2015-1210?
Users of Google Chrome, particularly those on older versions of the browser, are impacted by CVE-2015-1210.
- agent/type
- agent/remedy
- agent/references
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/google
- canonical/google chrome
- vendor/apple
- canonical/macos
- vendor/linux
- canonical/linux kernel
- vendor/microsoft
- canonical/microsoft windows operating system
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/14.04
- version/ubuntu/14.10
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/6.0
- canonical/red hat enterprise linux server eus
- version/red hat enterprise linux server eus/6.6
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/6.0
- version/red hat enterprise linux server/6.6
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/6.0
- vendor/opensuse
- canonical/opensuse
- version/opensuse/13.1
- version/opensuse/13.2