CVE-2015-1241: Input Validation
First published: Sun Apr 19 2015(Updated: )
Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack.
Credit: cve-coordination@google.com chrome-cve-admin@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome | <=42.0.2311.60 | |
| Debian Debian Linux | =8.0 | |
| Ubuntu Linux | =14.04 | |
| Ubuntu Linux | =14.10 | |
| Ubuntu Linux | =15.04 | |
| Google Chrome | <42.0.2311.90 | |
| Ubuntu Linux | =14.04 | |
| openSUSE | =13.1 | |
| openSUSE | =13.2 | |
| SUSE Linux Enterprise Server | =12.0 | |
| redhat enterprise Linux desktop | =6.0 | |
| redhat enterprise Linux eus | =6.6 | |
| redhat enterprise Linux server | =6.0 | |
| redhat enterprise Linux server aus | =6.6 | |
| redhat enterprise Linux server eus | =6.6 | |
| redhat enterprise Linux workstation | =6.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html
- http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html
- http://rhn.redhat.com/errata/RHSA-2015-0816.html
- http://ubuntu.com/usn/usn-2570-1
- http://www.debian.org/security/2015/dsa-3238
- http://www.securitytracker.com/id/1032209
- https://code.google.com/p/chromium/issues/detail?id=418402
- https://codereview.chromium.org/628763003
- https://codereview.chromium.org/660663002
- https://codereview.chromium.org/717573004
- https://codereview.chromium.org/868123002
- https://security.gentoo.org/glsa/201506-04
- agent/type
- agent/severity
- agent/references
- agent/description
- agent/author
- agent/weakness
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/google
- canonical/google chrome
- version/google chrome/42.0.2311.60
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/8.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/14.04
- version/ubuntu linux/14.10
- version/ubuntu linux/15.04
- vendor/opensuse
- canonical/opensuse
- version/opensuse/13.1
- version/opensuse/13.2
- vendor/suse
- canonical/suse linux enterprise server
- version/suse linux enterprise server/12.0
- vendor/redhat
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/6.6
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux server aus
- version/redhat enterprise linux server aus/6.6
- canonical/redhat enterprise linux server eus
- version/redhat enterprise linux server eus/6.6
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/6.0