CVE-2015-1304 in Chromeinfo

Summary

object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Responsible

Reservation

01/21/2015

Disclosure

10/11/2015

Moderation

VulDB entry created

Entries

VDB-78085

CPE

ready

CWE

CWE-284 (Confirmed)

CVSS

5.3

EPSS

0.01935

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2015-1304
NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-1304
CVE Details	https://www.cvedetails.com/cve/CVE-2015-1304/

◂ Previous Overview Next ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!