HomePentest-Tools.com Logo

Google Chrome Multiple Vulnerabilities-01 June15 (Linux) CVE-2015-1269CVE-2015-1268CVE-2015-1267CVE-2015-1266

Severity
Not available
CVSSv3 Score
Not available
Vulnerability description

Google Chrome is prone to multiple vulnerabilities.

Risk description

Multiple flaws are due to: - DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc script does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries. - bindings/scripts/v8_types.py in Blink does not properly select a creation context for a return values DOM wrapper. - Blink does not properly restrict the creation context during creation of a DOM wrapper. - content/browser/webui/content_web_ui_controller_factory.cc script does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance. Successful exploitation will allow remote attackers to bypass the Same Origin Policy and intended access restrictions via different dimensions.

Recommendation

Upgrade to Google Chrome version 43.0.2357.130 or later.

Codename
Not available
Detectable with
Network Scanner
Scan engine
OpenVAS
Exploitable with Sniper
No
CVE Published
Jun 26, 2015
Detection added at
Software Type
Not available
Vendor
Not available
Product
Not available