Описание
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions.
Below is a complete list of vulnerabilities
- Improper method restrictions at Google V8 can be exploited remotely via a specially designed method call to bypass same origin policy;
- Lack of information propagation at Blink can be exploited remotely via a specially designed HTML to bypass same origin policy.
Technical details
(1) located at object-observe.js and can be exploited via a observer or getNotifier calls.
(2) located at bindings/core/v8/V8DOMWrapper.h and caused by not performing a rethrow action about cross-context exception. Can be exploited via HTML containing IFRAME.
Первичный источник обнаружения
Связанные продукты
Список CVE
- CVE-2015-1304 critical
- CVE-2015-1303 critical
Смотрите также
Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com
Нашли неточность в описании этой уязвимости? Дайте нам знать!