CVE-2015-3336
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
Google Chrome before 42.0.2311.90 does not always ask the user before proceeding with CONTENT_SETTINGS_TYPE_FULLSCREEN and CONTENT_SETTINGS_TYPE_MOUSELOCK changes, which allows user-assisted remote attackers to cause a denial of service (UI disruption) by constructing a crafted HTML document containing JavaScript code with requestFullScreen and requestPointerLock calls, and arranging for the user to access this document with a file: URL.
Google Chrome anterior a 42.0.2311.90 no siempre pregunta al usuario antes de proceder con cambios de CONTENT_SETTINGS_TYPE_FULLSCREEN y CONTENT_SETTINGS_TYPE_MOUSELOCK, lo que permite a atacantes remotos asistidos por usuario causar una denegación de servicio (interrupción de la interfaz del usuario) mediante la construcción de un documento HTML manipulado que contiene código JavaScript con llamadas requestFullScreen y requestPointerLock, y la organización del acceso del usuario a este documento con una URL file:.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-04-19 CVE Reserved
- 2015-04-19 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (5)
URL | Tag | Source |
---|---|---|
http://www.securityfocus.com/bid/74227 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://code.google.com/p/chromium/issues/detail?id=455953 | 2024-08-06 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html | 2018-10-30 | |
http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html | 2018-10-30 | |
http://www.debian.org/security/2015/dsa-3238 | 2018-10-30 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | <= 42.0.2311.60 Search vendor "Google" for product "Chrome" and version " <= 42.0.2311.60" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.1 Search vendor "Opensuse" for product "Opensuse" and version "13.1" | - |
Affected
| ||||||
Opensuse Search vendor "Opensuse" | Opensuse Search vendor "Opensuse" for product "Opensuse" | 13.2 Search vendor "Opensuse" for product "Opensuse" and version "13.2" | - |
Affected
|