{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-02-04T00:00:00", "descriptions": [{"lang": "en", "value": "The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T15:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"name": "72497", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72497"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html"}, {"name": "62818", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62818"}, {"name": "62925", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62925"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html"}, {"name": "GLSA-201502-13", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml"}, {"name": "62917", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62917"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/chromium/issues/detail?id=453979"}, {"name": "RHSA-2015:0163", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0163.html"}, {"name": "62670", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62670"}, {"name": "1031709", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031709"}, {"name": "openSUSE-SU-2015:0441", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"}, {"name": "google-chrome-cve20151210-sec-bypass(100716)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100716"}, {"name": "USN-2495-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2495-1"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://src.chromium.org/viewvc/blink?revision=189365&view=revision"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2015-1210", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "72497", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72497"}, {"name": "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html"}, {"name": "62818", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62818"}, {"name": "62925", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62925"}, {"name": "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html"}, {"name": "GLSA-201502-13", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml"}, {"name": "62917", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62917"}, {"name": "https://code.google.com/p/chromium/issues/detail?id=453979", "refsource": "CONFIRM", "url": "https://code.google.com/p/chromium/issues/detail?id=453979"}, {"name": "RHSA-2015:0163", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0163.html"}, {"name": "62670", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62670"}, {"name": "1031709", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031709"}, {"name": "openSUSE-SU-2015:0441", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"}, {"name": "google-chrome-cve20151210-sec-bypass(100716)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100716"}, {"name": "USN-2495-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2495-1"}, {"name": "https://src.chromium.org/viewvc/blink?revision=189365&view=revision", "refsource": "CONFIRM", "url": "https://src.chromium.org/viewvc/blink?revision=189365&view=revision"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:33:20.633Z"}, "title": "CVE Program Container", "references": [{"name": "72497", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72497"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html"}, {"name": "62818", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62818"}, {"name": "62925", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62925"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html"}, {"name": "GLSA-201502-13", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml"}, {"name": "62917", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62917"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.google.com/p/chromium/issues/detail?id=453979"}, {"name": "RHSA-2015:0163", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0163.html"}, {"name": "62670", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62670"}, {"name": "1031709", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1031709"}, {"name": "openSUSE-SU-2015:0441", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"}, {"name": "google-chrome-cve20151210-sec-bypass(100716)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100716"}, {"name": "USN-2495-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2495-1"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://src.chromium.org/viewvc/blink?revision=189365&view=revision"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2015-1210", "datePublished": "2015-02-06T11:00:00", "dateReserved": "2015-01-21T00:00:00", "dateUpdated": "2024-08-06T04:33:20.633Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:android:*:*", "matchCriteriaId": "DFDE8F2F-775A-4C8B-B332-B00E82A3BAB6", "versionEndExcluding": "40.0.2214.109", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "855BFB6F-F192-4D7C-A07E-8311EC8C9A4D", "versionEndExcluding": "40.0.2214.111", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "319EC0C6-94C5-494A-9C5D-DC5124DFC8E1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "16E6D998-B41D-4B49-9E00-8336D2E40A4A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site."}, {"lang": "es", "value": "La funci\u00f3n V8ThrowException::createDOMException en bindings/core/v8/V8ThrowException.cpp en las vinculaciones V8 en Blink, utilizado en Google Chrome anterior a 40.0.2214.111 en Windows, OS X, y Linux y anterior a 40.0.2214.109 en Android, no considera correctamente las restricciones de acceso a Frame durante el lanzamiento de una excepci\u00f3n, lo que permite a atacantes remotos evadir Same Origin Policy a trav\u00e9s de un sitio web manipulado."}], "id": "CVE-2015-1210", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-02-06T11:59:08.433", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0163.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/62670"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/62818"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/62917"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/62925"}, {"source": "chrome-cve-admin@google.com", "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/72497"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securitytracker.com/id/1031709"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.ubuntu.com/usn/USN-2495-1"}, {"source": "chrome-cve-admin@google.com", "url": "https://code.google.com/p/chromium/issues/detail?id=453979"}, {"source": "chrome-cve-admin@google.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100716"}, {"source": "chrome-cve-admin@google.com", "url": "https://src.chromium.org/viewvc/blink?revision=189365&view=revision"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0163.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62670"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62818"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62917"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62925"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/72497"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031709"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2495-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://code.google.com/p/chromium/issues/detail?id=453979"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100716"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://src.chromium.org/viewvc/blink?revision=189365&view=revision"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:0163", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "chromium-browser-0:40.0.2214.111-1.el6_6", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2015-02-10T00:00:00Z"}], "bugzilla": {"description": "chromium-browser: cross-origin-bypass in V8 bindings", "id": "1190124", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190124"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "details": ["The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site."], "name": "CVE-2015-1210", "public_date": "2015-02-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-1210\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1210\nhttp://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html"], "threat_severity": "Important"}