CVE-2015-1241: Input Validation
First published: Sun Apr 19 2015(Updated: )
Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack.
Credit: cve-coordination@google.com chrome-cve-admin@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome | <42.0.2311.90 | |
| Debian Linux | =8.0 | |
| Ubuntu | =14.04 | |
| Ubuntu | =14.10 | |
| Ubuntu | =15.04 | |
| openSUSE | =13.1 | |
| openSUSE | =13.2 | |
| SUSE Linux Enterprise Server | =12.0 | |
| Red Hat Enterprise Linux Desktop | =6.0 | |
| Red Hat Enterprise Linux Server EUS | =6.6 | |
| Red Hat Enterprise Linux Server | =6.0 | |
| Red Hat Enterprise Linux Server | =6.6 | |
| Red Hat Enterprise Linux Server | =6.6 | |
| Red Hat Enterprise Linux Workstation | =6.0 | |
| Google Chrome | <=42.0.2311.60 | |
| Ubuntu | =14.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html
- http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html
- http://rhn.redhat.com/errata/RHSA-2015-0816.html
- http://ubuntu.com/usn/usn-2570-1
- http://www.debian.org/security/2015/dsa-3238
- http://www.securitytracker.com/id/1032209
- https://code.google.com/p/chromium/issues/detail?id=418402
- https://codereview.chromium.org/628763003
- https://codereview.chromium.org/660663002
- https://codereview.chromium.org/717573004
- https://codereview.chromium.org/868123002
- https://security.gentoo.org/glsa/201506-04
Frequently Asked Questions
What is the severity of CVE-2015-1241?
CVE-2015-1241 is rated as high severity due to its potential to allow remote attackers to perform tapjacking.
How do I fix CVE-2015-1241?
To fix CVE-2015-1241, users should update Google Chrome to version 42.0.2311.90 or later.
What platforms are affected by CVE-2015-1241?
CVE-2015-1241 affects Google Chrome versions before 42.0.2311.90 and various Linux distributions including specific versions of Debian, Ubuntu, openSUSE, and Red Hat.
What is a tapjacking attack as described in CVE-2015-1241?
A tapjacking attack involves tricking users into clicking on invisible or disguised elements on a web page, leading to unintended actions.
Can users still be vulnerable to CVE-2015-1241 if they are on the latest version of Google Chrome?
No, users on the latest version of Google Chrome are not vulnerable to CVE-2015-1241.
- agent/type
- agent/severity
- agent/references
- agent/description
- agent/author
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/google
- canonical/google chrome
- vendor/debian
- canonical/debian linux
- version/debian linux/8.0
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/14.04
- version/ubuntu/14.10
- version/ubuntu/15.04
- vendor/opensuse
- canonical/opensuse
- version/opensuse/13.1
- version/opensuse/13.2
- vendor/suse
- canonical/suse linux enterprise server
- version/suse linux enterprise server/12.0
- vendor/redhat
- canonical/red hat enterprise linux desktop
- version/red hat enterprise linux desktop/6.0
- canonical/red hat enterprise linux server eus
- version/red hat enterprise linux server eus/6.6
- canonical/red hat enterprise linux server
- version/red hat enterprise linux server/6.0
- version/red hat enterprise linux server/6.6
- canonical/red hat enterprise linux workstation
- version/red hat enterprise linux workstation/6.0
- version/google chrome/42.0.2311.60