Vulnerability Details : CVE-2015-1209
Potential exploit
Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor.
Vulnerability category: Memory Corruption; Denial of Service
Products affected by CVE-2015-1209
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.6:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
- cpe:2.3:a:google:chrome:*:*:*:*:*:android:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-1209
- 1.02%: probability of exploitation activity in the next 30 days
- ~76%: percentile, the proportion of vulnerabilities that are scored at or less
EPSS Score History
CVSS scores for CVE-2015-1209
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
CWE ids for CVE-2015-1209
- The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer. (Assigned by: nvd@nist.gov, Primary)
References for CVE-2015-1209
- http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html: "[security-announce] openSUSE-SU-2015:0441-1: important: Security update" (Mailing List; Third Party Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-0163.html: "RHSA-2015:0163 - Security Advisory - Red Hat Customer Portal" (Third Party Advisory)
- https://src.chromium.org/viewvc/blink?revision=188788&view=revision: "[blink] Revision 188788" (Patch; Vendor Advisory)
- http://www.ubuntu.com/usn/USN-2495-1: "USN-2495-1: Oxide vulnerabilities | Ubuntu security notices" (Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100715: "Google Chrome DOM code execution CVE-2015-1209 Vulnerability Report" (VDB Entry)
- http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html: "Chrome Releases: Stable Channel Update" (Vendor Advisory)
- http://www.securityfocus.com/bid/72497: "Google Chrome Prior to 40.0.2214.109 Multiple Security Vulnerabilities" (Third Party Advisory; VDB Entry)
- http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html: "Chrome Releases: Chrome for Android Update" (Vendor Advisory)
- http://www.securitytracker.com/id/1031709: "Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code and Bypass Same-Origin Restrictions - SecurityTracker" (Third Party Advisory; VDB Entry)
- http://security.gentoo.org/glsa/glsa-201502-13.xml: "Chromium: Multiple vulnerabilities (GLSA 201502-13) — Gentoo security" (Third Party Advisory)
- https://code.google.com/p/chromium/issues/detail?id=447906: "447906 - Heap-use-after-free in blink::DateTimeEditElement::~DateTimeEditElement - chromium - Monorail" (Exploit; Issue Tracking; Patch; Vendor Advisory)