HomePentest-Tools.com Logo

Google Chrome Multiple Vulnerabilities-01 June15 (Linux) CVE-2015-1269CVE-2015-1268CVE-2015-1267CVE-2015-1266

Not available
CVSSv3 Score
Not available
Vulnerability description

Google Chrome is prone to multiple vulnerabilities.

Risk description

Multiple flaws are due to: - DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc script does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries. - bindings/scripts/v8_types.py in Blink does not properly select a creation context for a return values DOM wrapper. - Blink does not properly restrict the creation context during creation of a DOM wrapper. - content/browser/webui/content_web_ui_controller_factory.cc script does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance. Successful exploitation will allow remote attackers to bypass the Same Origin Policy and intended access restrictions via different dimensions.


Upgrade to Google Chrome version 43.0.2357.130 or later.

Not available
Detectable with
Network Scanner
Scan engine
Exploitable with Sniper
CVE Published
Jun 26, 2015
Detection added at
Software Type
Not available
Not available
Not available