{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-02-04T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-07T15:57:01.000Z", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"name": "google-chrome-cve20151209-code-exec(100715)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100715"}, {"name": "72497", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/72497"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html"}, {"name": "62818", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62818"}, {"name": "62925", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62925"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html"}, {"name": "GLSA-201502-13", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/chromium/issues/detail?id=447906"}, {"name": "62917", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62917"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://src.chromium.org/viewvc/blink?revision=188788&view=revision"}, {"name": "RHSA-2015:0163", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0163.html"}, {"name": "62670", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/62670"}, {"name": "1031709", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1031709"}, {"name": "openSUSE-SU-2015:0441", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"}, {"name": "USN-2495-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2495-1"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2015-1209", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "google-chrome-cve20151209-code-exec(100715)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100715"}, {"name": "72497", "refsource": "BID", "url": "http://www.securityfocus.com/bid/72497"}, {"name": "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html"}, {"name": "62818", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62818"}, {"name": "62925", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62925"}, {"name": "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html"}, {"name": "GLSA-201502-13", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml"}, {"name": "https://code.google.com/p/chromium/issues/detail?id=447906", "refsource": "CONFIRM", "url": "https://code.google.com/p/chromium/issues/detail?id=447906"}, {"name": "62917", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62917"}, {"name": "https://src.chromium.org/viewvc/blink?revision=188788&view=revision", "refsource": "CONFIRM", "url": "https://src.chromium.org/viewvc/blink?revision=188788&view=revision"}, {"name": "RHSA-2015:0163", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0163.html"}, {"name": "62670", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/62670"}, {"name": "1031709", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1031709"}, {"name": "openSUSE-SU-2015:0441", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"}, {"name": "USN-2495-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2495-1"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:33:20.683Z"}, "title": "CVE Program Container", "references": [{"name": "google-chrome-cve20151209-code-exec(100715)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100715"}, {"name": "72497", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/72497"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html"}, {"name": "62818", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62818"}, {"name": "62925", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62925"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html"}, {"name": "GLSA-201502-13", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.google.com/p/chromium/issues/detail?id=447906"}, {"name": "62917", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62917"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://src.chromium.org/viewvc/blink?revision=188788&view=revision"}, {"name": "RHSA-2015:0163", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0163.html"}, {"name": "62670", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/62670"}, {"name": "1031709", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1031709"}, {"name": "openSUSE-SU-2015:0441", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"}, {"name": "USN-2495-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-2495-1"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2015-1209", "datePublished": "2015-02-06T11:00:00.000Z", "dateReserved": "2015-01-21T00:00:00.000Z", "dateUpdated": "2024-08-06T04:33:20.683Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:android:*:*", "matchCriteriaId": "DFDE8F2F-775A-4C8B-B332-B00E82A3BAB6", "versionEndExcluding": "40.0.2214.109", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "855BFB6F-F192-4D7C-A07E-8311EC8C9A4D", "versionEndExcluding": "40.0.2214.111", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*", "matchCriteriaId": "387021A0-AF36-463C-A605-32EA7DAC172E", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*", "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "319EC0C6-94C5-494A-9C5D-DC5124DFC8E1", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*", "matchCriteriaId": "16E6D998-B41D-4B49-9E00-8336D2E40A4A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor."}, {"lang": "es", "value": "Vulnerabilidad de uso despu\u00e9s de liberaci\u00f3n en la funci\u00f3n VisibleSelection::nonBoundaryShadowTreeRootNode en core/editing/VisibleSelection.cpp en la implementaci\u00f3n DOM en Blink, utilizado en Google Chrome anterior a 40.0.2214.111 en Windows, OS X, y Linux y anterior a 40.0.2214.109 en Android, permite a atacantes remotos causar una denegaci\u00f3n de servicio o posiblemente tener otro impacto no especificado a trav\u00e9s de c\u00f3digo JavaScript manipulado que provoca el manejo incorrecto de una ancla shadow-root."}], "id": "CVE-2015-1209", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-02-06T11:59:07.497", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0163.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/62670"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/62818"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/62917"}, {"source": "chrome-cve-admin@google.com", "url": "http://secunia.com/advisories/62925"}, {"source": "chrome-cve-admin@google.com", "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/72497"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securitytracker.com/id/1031709"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.ubuntu.com/usn/USN-2495-1"}, {"source": "chrome-cve-admin@google.com", "url": "https://code.google.com/p/chromium/issues/detail?id=447906"}, {"source": "chrome-cve-admin@google.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100715"}, {"source": "chrome-cve-admin@google.com", "url": "https://src.chromium.org/viewvc/blink?revision=188788&view=revision"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2015-0163.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62670"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62818"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62917"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/62925"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201502-13.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/72497"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1031709"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.ubuntu.com/usn/USN-2495-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://code.google.com/p/chromium/issues/detail?id=447906"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/100715"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://src.chromium.org/viewvc/blink?revision=188788&view=revision"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:0163", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "chromium-browser-0:40.0.2214.111-1.el6_6", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2015-02-10T00:00:00Z"}], "bugzilla": {"description": "chromium-browser: use-after-free in DOM", "id": "1190123", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1190123"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "verified"}, "cwe": "CWE-416", "details": ["Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor."], "name": "CVE-2015-1209", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Will not fix", "impact": "moderate", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "impact": "moderate", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}], "public_date": "2015-02-04T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-1209\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1209\nhttp://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html"], "statement": "This issue affects the versions of webkitgtk and webkitgtk3 as shipped with Red Hat Enterprise Linux 6 and 7 respectively.\nRed Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Important"}

{}