QwikSec

Security Database

CVE

CWE

Training

CVE-2015-1286

Published: Jul 23, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink "Universal XSS (UXSS)."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_REDHAT

https://codereview.chromium.org/1235863003/

x_refsource_CONFIRM

openSUSE-SU-2015:1287

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_SECTRACK

https://code.google.com/p/chromium/issues/detail?id=504011

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

https://codereview.chromium.org/1231803002/

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.