Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-1210


The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.


Published

2015-02-06T11:59:08.433

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Primary
    NVD-CWE-noinfo

Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application google chrome < 40.0.2214.109 Yes
Application google chrome < 40.0.2214.111 Yes
Operating System apple macos - No
Operating System linux linux_kernel - No
Operating System microsoft windows - No
Operating System canonical ubuntu_linux 14.04 Yes
Operating System canonical ubuntu_linux 14.10 Yes
Operating System redhat enterprise_linux_desktop 6.0 Yes
Operating System redhat enterprise_linux_eus 6.6 Yes
Operating System redhat enterprise_linux_server 6.0 Yes
Operating System redhat enterprise_linux_server_aus 6.6 Yes
Operating System redhat enterprise_linux_workstation 6.0 Yes
Operating System opensuse opensuse 13.1 Yes
Operating System opensuse opensuse 13.2 Yes

References