// For flags

CVE-2015-1212

chromium-browser: various security fixes in Chrome 40.0.2214.111

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android allow attackers to cause a denial of service or possibly have other impact via unknown vectors.

Múltiples vulnerabilidades no especificados en Google Chrome before 40.0.2214.111 en Windows, OS X, y Linux y anterior a 40.0.2214.109 en Android permiten a atacantes causar una denegación de servicio o posiblemente tener otro impacto a través de vectores desconocidos.

A use-after-free bug was discovered in the DOM implementation in Blink. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service via renderer crash or execute arbitrary code with the privileges of the sandboxed render process. It was discovered that V8 did not properly consider frame access restrictions when throwing exceptions in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same origin restrictions. Various other issues were also addressed.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2015-01-21 CVE Reserved
  • 2015-02-06 CVE Published
  • 2024-08-06 CVE Updated
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
CAPEC
References (22)
URL Tag Source
http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html X_refsource_confirm
http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html X_refsource_confirm
http://secunia.com/advisories/62670 Third Party Advisory
http://secunia.com/advisories/62818 Third Party Advisory
http://secunia.com/advisories/62917 Third Party Advisory
http://secunia.com/advisories/62925 Third Party Advisory
http://www.securityfocus.com/bid/72497 Vdb Entry
http://www.securitytracker.com/id/1031709 Vdb Entry
https://code.google.com/p/chromium/issues/detail?id=427303 X_refsource_confirm
https://code.google.com/p/chromium/issues/detail?id=438365 X_refsource_confirm
https://code.google.com/p/chromium/issues/detail?id=445679 X_refsource_confirm
https://code.google.com/p/chromium/issues/detail?id=446459 X_refsource_confirm
https://code.google.com/p/chromium/issues/detail?id=451684 X_refsource_confirm
https://code.google.com/p/chromium/issues/detail?id=451918 X_refsource_confirm
https://code.google.com/p/chromium/issues/detail?id=455225 X_refsource_confirm
https://exchange.xforce.ibmcloud.com/vulnerabilities/100718 Vdb Entry
URL Date SRC
URL Date SRC
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html 2023-11-07
http://rhn.redhat.com/errata/RHSA-2015-0163.html 2023-11-07
http://security.gentoo.org/glsa/glsa-201502-13.xml 2023-11-07
http://www.ubuntu.com/usn/USN-2495-1 2023-11-07
https://access.redhat.com/security/cve/CVE-2015-1212 2015-02-10
https://bugzilla.redhat.com/show_bug.cgi?id=1190158 2015-02-10
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Google
Search vendor "Google"
 Chrome
Search vendor "Google" for product "Chrome"
 < 40.0.2214.111
Search vendor "Google" for product "Chrome" and version " < 40.0.2214.111"
-
Affected
in Apple
Search vendor "Apple"
 Macos
Search vendor "Apple" for product "Macos"
--
Safe
Google
Search vendor "Google"
 Chrome
Search vendor "Google" for product "Chrome"
 < 40.0.2214.111
Search vendor "Google" for product "Chrome" and version " < 40.0.2214.111"
-
Affected
in Linux
Search vendor "Linux"
 Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
--
Safe
Google
Search vendor "Google"
 Chrome
Search vendor "Google" for product "Chrome"
 < 40.0.2214.111
Search vendor "Google" for product "Chrome" and version " < 40.0.2214.111"
-
Affected
in Microsoft
Search vendor "Microsoft"
 Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Google
Search vendor "Google"
 Chrome
Search vendor "Google" for product "Chrome"
 < 40.0.2214.109
Search vendor "Google" for product "Chrome" and version " < 40.0.2214.109"
android
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
esm
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 14.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.10"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
 6.0
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Eus
Search vendor "Redhat" for product "Enterprise Linux Eus"
 6.6
Search vendor "Redhat" for product "Enterprise Linux Eus" and version "6.6"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server
Search vendor "Redhat" for product "Enterprise Linux Server"
 6.0
Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server Aus
Search vendor "Redhat" for product "Enterprise Linux Server Aus"
 6.6
Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "6.6"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Workstation
Search vendor "Redhat" for product "Enterprise Linux Workstation"
 6.0
Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0"
-
Affected
Opensuse
Search vendor "Opensuse"
 Opensuse
Search vendor "Opensuse" for product "Opensuse"
 13.1
Search vendor "Opensuse" for product "Opensuse" and version "13.1"
-
Affected
Opensuse
Search vendor "Opensuse"
 Opensuse
Search vendor "Opensuse" for product "Opensuse"
 13.2
Search vendor "Opensuse" for product "Opensuse" and version "13.2"
-
Affected