CVE-2015-1211
chromium-browser: privilege escalation in service workers
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI.
La función OriginCanAccessServiceWorkers en content/browser/service_worker/service_worker_dispatcher_host.cc en Google Chrome anterior a 40.0.2214.111 en Windows, OS X, y Linux y anterior a 40.0.2214.109 en Android no restringe correctamente la esquema de la URI durante un registro Serviceworker, lo que permite a atacantes remotos ganar privilegios a través de una URI filesystem:.
A use-after-free bug was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. It was discovered that V8 did not properly consider frame access restrictions when throwing exceptions in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. Various other issues were also addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-01-21 CVE Reserved
- 2015-02-06 CVE Published
- 2024-08-06 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (17)
| URL | Tag | Source |
|---|---|---|
| http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html | X_refsource_confirm | |
| http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html | X_refsource_confirm | |
| http://secunia.com/advisories/62670 | Third Party Advisory | |
| http://secunia.com/advisories/62818 | Third Party Advisory | |
| http://secunia.com/advisories/62917 | Third Party Advisory | |
| http://secunia.com/advisories/62925 | Third Party Advisory | |
| http://www.securityfocus.com/bid/72497 | Vdb Entry | |
| http://www.securitytracker.com/id/1031709 | Vdb Entry | |
| https://code.google.com/p/chromium/issues/detail?id=453982 | X_refsource_confirm | |
| https://codereview.chromium.org/889323002 | X_refsource_confirm | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/100717 | Vdb Entry |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html | 2023-11-07 | |
| http://rhn.redhat.com/errata/RHSA-2015-0163.html | 2023-11-07 | |
| http://security.gentoo.org/glsa/glsa-201502-13.xml | 2023-11-07 | |
| http://www.ubuntu.com/usn/USN-2495-1 | 2023-11-07 | |
| https://access.redhat.com/security/cve/CVE-2015-1211 | 2015-02-10 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1190125 | 2015-02-10 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 40.0.2214.111 Search vendor "Google" for product "Chrome" and version " < 40.0.2214.111" | - |
Affected
| in | Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | - | - |
Safe
|
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 40.0.2214.111 Search vendor "Google" for product "Chrome" and version " < 40.0.2214.111" | - |
Affected
| in | Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | - | - |
Safe
|
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 40.0.2214.111 Search vendor "Google" for product "Chrome" and version " < 40.0.2214.111" | - |
Affected
| in | Microsoft Search vendor "Microsoft" | Windows Search vendor "Microsoft" for product "Windows" | - | - |
Safe
|
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | < 40.0.2214.109 Search vendor "Google" for product "Chrome" and version " < 40.0.2214.109" | android |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | esm |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.10" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Eus Search vendor "Redhat" for product "Enterprise Linux Eus" | 6.6 Search vendor "Redhat" for product "Enterprise Linux Eus" and version "6.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Server Aus Search vendor "Redhat" for product "Enterprise Linux Server Aus" | 6.6 Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.6" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation" | 6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.1 Search vendor "Opensuse" for product "Opensuse" and version "13.1" | - |
Affected
| ||||||
| Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.2 Search vendor "Opensuse" for product "Opensuse" and version "13.2" | - |
Affected
| ||||||