Vulnerability CVE-2015-1303: Information

Description

bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element.

Severity: HIGH (7.5)

URL: https://nvd.nist.gov/vuln/detail/CVE-2015-1303
Published: Oct. 12, 2015
Modified: Nov. 7, 2023
Error type identifier: CWE-20

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
chromiumsisyphus45.0.2454.99-alt1125.0.6422.141-alt1ALT-PU-2015-1798-1149467Fixed
chromiump1045.0.2454.99-alt1119.0.6045.159-alt0.p10.1ALT-PU-2015-1798-1149467Fixed
chromiump945.0.2454.99-alt197.0.4692.99-alt0.p9.1ALT-PU-2015-1798-1149467Fixed
chromiumc10f145.0.2454.99-alt1110.0.5481.177-alt1.p10.1ALT-PU-2015-1798-1149467Fixed
chromiumc9f245.0.2454.99-alt184.0.4147.105-alt1.1.p9ALT-PU-2015-1798-1149467Fixed
chromiump1145.0.2454.99-alt1125.0.6422.141-alt1ALT-PU-2015-1798-1149467Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
USN-2757-1
    http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html
      RHSA-2015:1841
        openSUSE-SU-2015:1719
          DSA-3376
            https://code.google.com/p/chromium/issues/detail?id=530301
              GLSA-201603-09
                openSUSE-SU-2015:1876
                  1033683
                    76844
                      https://codereview.chromium.org/1339023002

                          1. Configuration 1

                            cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
                            End including
                            45.0.2454.93
                        VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                        Version: v24.5.3
                        Back to top