CVE-2015-1210

The V8ThrowException::createDOMException function in bindings/core/v8/V8ThrowException.cpp in the V8 bindings in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, does not properly consider frame access restrictions during the throwing of an exception, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

Published: Feb 6, 2015
Updated: Nov 8, 2023
CVE: CVE-2015-1210
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
google / chrome	-	40.0.2214.109
google / chrome	-	40.0.2214.111
canonical / ubuntu_linux	14.10	14.10.x
canonical / ubuntu_linux	14.04	14.04.x
redhat / enterprise_linux_server_aus	6.6	6.6.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x
redhat / enterprise_linux_eus	6.6	6.6.x
opensuse / opensuse	13.1	13.1.x
opensuse / opensuse	13.2	13.2.x

Vulnerability Database

290,273

CVE-2015-1210