 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.805449 |
| Category: | General |
| Title: | Google Chrome Multiple Vulnerabilities-01 (Feb 2015) - Windows |
| Summary: | Google Chrome is prone to multiple vulnerabilities. |
| Description: | Summary: Google Chrome is prone to multiple vulnerabilities. Vulnerability Insight: Multiple flaws are due to: - Multiple unspecified vulnerabilities in Google Chrome. - The 'OriginCanAccessServiceWorkers' function in content/browser/service_worker/service_worker_dispatcher_host.cc script does not properly restrict the URI scheme during a ServiceWorker registration. - The 'V8ThrowException::createDOMException' function in bindings/core/v8/V8ThrowException.cpp script in the V8 bindings in Blink does not properly consider frame access restrictions during the throwing of an exception. - A use-after-free flaw in the 'VisibleSelection::nonBoundaryShadowTreeRootNode' function in editing/VisibleSelection.cpp script is triggered when a selection's anchor is a shadow root Vulnerability Impact: Successful exploitation will allow remote attackers gain elevated privileges, bypass cross-origin policies, to cause a denial of service or possibly have unspecified other impact via different crafted dimensions. Affected Software/OS: Google Chrome version prior to 40.0.2214.111 on Windows. Solution: Upgrade to Google Chrome version 40.0.2214.111 or later. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-1212 BugTraq ID: 72497 http://www.securityfocus.com/bid/72497 http://security.gentoo.org/glsa/glsa-201502-13.xml RedHat Security Advisories: RHSA-2015:0163 http://rhn.redhat.com/errata/RHSA-2015-0163.html http://www.securitytracker.com/id/1031709 http://secunia.com/advisories/62670 http://secunia.com/advisories/62818 http://secunia.com/advisories/62917 http://secunia.com/advisories/62925 SuSE Security Announcement: openSUSE-SU-2015:0441 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html http://www.ubuntu.com/usn/USN-2495-1 XForce ISS Database: google-chrome-cve20151212-unspecified(100718) https://exchange.xforce.ibmcloud.com/vulnerabilities/100718 Common Vulnerability Exposure (CVE) ID: CVE-2015-1211 XForce ISS Database: google-chrome-cve20151211-priv-esc(100717) https://exchange.xforce.ibmcloud.com/vulnerabilities/100717 Common Vulnerability Exposure (CVE) ID: CVE-2015-1210 XForce ISS Database: google-chrome-cve20151210-sec-bypass(100716) https://exchange.xforce.ibmcloud.com/vulnerabilities/100716 Common Vulnerability Exposure (CVE) ID: CVE-2015-1209 XForce ISS Database: google-chrome-cve20151209-code-exec(100715) https://exchange.xforce.ibmcloud.com/vulnerabilities/100715 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |