Vulnerability Details : CVE-2015-1300
The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a history.back call.
Products affected by CVE-2015-1300
- cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2015-1300
- 0.52%: probability of exploitation activity in the next 30 days
- ~74%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-1300
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2015-1300
- Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1300
- https://code.google.com/p/chromium/issues/detail?id=511616
  511616 - Security: Performance APIs reveal cross-origin URLs. - chromium - Monorail
- http://www.securitytracker.com/id/1033472
  Google Chrome Multiple Bugs Let Remote Users Execute Arbitrary Code, Bypass Security Restrictions, Obtain Potentially Sensitive Information, and Spoof Content - SecurityTracker
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html
  openSUSE-SU-2015:1873-1: moderate: Security update for Chromium
- http://rhn.redhat.com/errata/RHSA-2015-1712.html
  RHSA-2015:1712 - Security Advisory - Red Hat Customer Portal
- http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html
  Chrome Releases: Stable Channel Update (Patch; Vendor Advisory)
- http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html
  openSUSE-SU-2015:1586-1: moderate: Security update for Chromium
- https://security.gentoo.org/glsa/201603-09
  Chromium: Multiple vulnerabilities (GLSA 201603-09) — Gentoo security
- https://github.com/w3c/resource-timing/issues/29
  Cached redirects + History traversal reveal cross-origin URLs · Issue #29 · w3c/resource-timing · GitHub
- https://src.chromium.org/viewvc/blink?revision=199553&view=revision
  [blink] Revision 199553
- http://www.debian.org/security/2015/dsa-3351
  Debian -- Security Information -- DSA-3351-1 chromium-browser