Kaspersky ID:
KLA10673
Дата обнаружения:
24/09/2015
Обновлено:
03/06/2020

Описание

Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions.

Below is a complete list of vulnerabilities

  1. Improper method restrictions at Google V8 can be exploited remotely via a specially designed method call to bypass same origin policy;
  2. Lack of information propagation at Blink can be exploited remotely via a specially designed HTML to bypass same origin policy.

Technical details

(1) located at object-observe.js and can be exploited via a observer or getNotifier calls.

(2) located at bindings/core/v8/V8DOMWrapper.h and caused by not performing a rethrow action about cross-context exception. Can be exploited via HTML containing IFRAME.

Первичный источник обнаружения

Связанные продукты

Список CVE

  • CVE-2015-1304
    critical
  • CVE-2015-1303
    critical

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com

Нашли неточность в описании этой уязвимости? Дайте нам знать!
Узнай больше об угрозах и векторах атаки на Энциклопедии Kaspersky
Бесплатно
Читать
Kaspersky Premium
Комплексное решение для защиты вашей цифровой жизни
Премиум
Скачать
Confirm changes?
Your message has been sent successfully.