CVE-2015-1236

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2015-1236
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References
Link Resource
https://src.chromium.org/viewvc/blink?revision=189527&view=revision
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html Vendor Advisory
https://code.google.com/p/chromium/issues/detail?id=313939
http://ubuntu.com/usn/usn-2570-1
http://www.debian.org/security/2015/dsa-3238
http://www.securitytracker.com/id/1032209
http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html
https://security.gentoo.org/glsa/201506-04
http://rhn.redhat.com/errata/RHSA-2015-0816.html
http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*

Configuration 3 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Information

Published : 2015-04-19 03:59

Updated : 2017-01-02 18:59

NVD link : CVE-2015-1236

Mitre link : CVE-2015-1236

JSON object : View

CWE
CWE-264

Permissions, Privileges, and Access Controls

Advertisement

dedicated server usa
Products Affected

debian

  • debian_linux

canonical

  • ubuntu_linux

google

  • chrome