Security bypass vulnerabilties at Google Chrome

Описание

Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to bypass security restrictions.

Below is a complete list of vulnerabilities

1. Improper method restrictions at Google V8 can be exploited remotely via a specially designed method call to bypass same origin policy;
2. Lack of information propagation at Blink can be exploited remotely via a specially designed HTML to bypass same origin policy.

---

Technical details

(1) located at object-observe.js and can be exploited via a observer or getNotifier calls.

(2) located at bindings/core/v8/V8DOMWrapper.h and caused by not performing a rethrow action about cross-context exception. Can be exploited via HTML containing IFRAME.

Первичный источник обнаружения

• Google Chrome blog entry
  

Связанные продукты

• Google-Chrome

Список CVE

• CVE-2015-1304
  critical
• CVE-2015-1303
  critical

Смотрите также

Узнай статистику распространения уязвимостей в своем регионе statistics.securelist.com