Vulnerability CVE-2015-1304: Information

Description

object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.

Severity: HIGH (7.5)

URL: https://nvd.nist.gov/vuln/detail/CVE-2015-1304
Published: Oct. 12, 2015
Modified: Nov. 7, 2023
Error type identifier: CWE-284

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
chromiumsisyphus45.0.2454.99-alt1125.0.6422.141-alt1ALT-PU-2015-1798-1149467Fixed
chromiump1045.0.2454.99-alt1119.0.6045.159-alt0.p10.1ALT-PU-2015-1798-1149467Fixed
chromiump945.0.2454.99-alt197.0.4692.99-alt0.p9.1ALT-PU-2015-1798-1149467Fixed
chromiumc10f145.0.2454.99-alt1110.0.5481.177-alt1.p10.1ALT-PU-2015-1798-1149467Fixed
chromiumc9f245.0.2454.99-alt184.0.4147.105-alt1.1.p9ALT-PU-2015-1798-1149467Fixed
chromiump1145.0.2454.99-alt1125.0.6422.141-alt1ALT-PU-2015-1798-1149467Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
USN-2757-1
    http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html
      RHSA-2015:1841
        openSUSE-SU-2015:1719
          https://code.google.com/p/chromium/issues/detail?id=531891
            DSA-3376
              https://chromium.googlesource.com/v8/v8/+/9b0fb52b57021473aa813f3fb99ad7384a8b86f1
                GLSA-201603-09
                  openSUSE-SU-2015:1876
                    1033683
                      76844

                          1. Configuration 1

                            cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
                            End including
                            45.0.2454.93
                        VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                        Version: v24.5.3
                        Back to top