Google » Chrome : Security Vulnerabilities, CVEs, Published In 2015 (Gain Privilege) CVSS score >= 6

CVE-2015-1304

object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.
Max CVSS
7.5
EPSS Score
1.38%
Published
2015-10-12
Updated
2016-12-24

CVE-2015-1253

core/html/parser/HTMLConstructionSite.cpp in the DOM implementation in Blink, as used in Google Chrome before 43.0.2357.65, allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that appends a child to a SCRIPT element, related to the insert and executeReparentTask functions.
Max CVSS
7.5
EPSS Score
1.55%
Published
2015-05-20
Updated
2017-01-03
2 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close