QwikSec

Security Database

CVE

CWE

Training

CVE-2015-1304

Published: Oct 12, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_UBUNTU

http://googlechromereleases.blogspot.com/2015/09/stable-channel-update_24.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

openSUSE-SU-2015:1719

vendor-advisory

x_refsource_SUSE

https://code.google.com/p/chromium/issues/detail?id=531891

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

https://chromium.googlesource.com/v8/v8/+/9b0fb52b57021473aa813f3fb99ad7384a8b86f1

x_refsource_CONFIRM

vendor-advisory

x_refsource_GENTOO

openSUSE-SU-2015:1876

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.