Vulnerability Details : CVE-2015-1295
Multiple use-after-free vulnerabilities in the PrintWebViewHelper class in components/printing/renderer/print_web_view_helper.cc in Google Chrome before 45.0.2454.85 allow user-assisted remote attackers to cause a denial of service or possibly have unspecified other impact by triggering nested IPC messages during preparation for printing, as demonstrated by messages associated with PDF documents in conjunction with messages about printer capabilities.
Vulnerability category: Memory CorruptionDenial of service
Products affected by CVE-2015-1295
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-1295
1.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 83 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-1295
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
References for CVE-2015-1295
-
http://www.securitytracker.com/id/1033472
Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, Obtain Potentially Sensitive Information, and Spoof Content - SecurityTracker
-
http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html
openSUSE-SU-2015:1873-1: moderate: Security update for Chromium
-
http://rhn.redhat.com/errata/RHSA-2015-1712.html
RHSA-2015:1712 - Security Advisory - Red Hat Customer Portal
-
http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html
Chrome Releases: Stable Channel UpdatePatch;Vendor Advisory
-
http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html
openSUSE-SU-2015:1586-1: moderate: Security update for Chromium
-
https://security.gentoo.org/glsa/201603-09
Chromium: Multiple vulnerabilities (GLSA 201603-09) — Gentoo security
-
https://code.google.com/p/chromium/issues/detail?id=502562
502562 - Heap-use-after-free in WebLocalFrameImpl::printBegin - chromium - Monorail
-
https://codereview.chromium.org/1228693002/
Issue 1228693002: Crash on nested IPC handlers in PrintWebViewHelper - Code Review
-
http://www.debian.org/security/2015/dsa-3351
Debian -- Security Information -- DSA-3351-1 chromium-browser
Jump to