{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-04-14T00:00:00", "descriptions": [{"lang": "en", "value": "The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-30T16:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"name": "RHSA-2015:0816", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0816.html"}, {"name": "DSA-3238", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2015/dsa-3238"}, {"name": "openSUSE-SU-2015:1887", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html"}, {"name": "GLSA-201506-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201506-04"}, {"name": "1032209", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032209"}, {"name": "openSUSE-SU-2015:0748", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/chromium/issues/detail?id=380663"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2015-1248", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2015:0816", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0816.html"}, {"name": "DSA-3238", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3238"}, {"name": "openSUSE-SU-2015:1887", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html"}, {"name": "GLSA-201506-04", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201506-04"}, {"name": "1032209", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032209"}, {"name": "openSUSE-SU-2015:0748", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html"}, {"name": "https://code.google.com/p/chromium/issues/detail?id=380663", "refsource": "CONFIRM", "url": "https://code.google.com/p/chromium/issues/detail?id=380663"}, {"name": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T04:40:16.982Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2015:0816", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0816.html"}, {"name": "DSA-3238", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2015/dsa-3238"}, {"name": "openSUSE-SU-2015:1887", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html"}, {"name": "GLSA-201506-04", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201506-04"}, {"name": "1032209", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1032209"}, {"name": "openSUSE-SU-2015:0748", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.google.com/p/chromium/issues/detail?id=380663"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2015-1248", "datePublished": "2015-04-19T10:00:00", "dateReserved": "2015-01-21T00:00:00", "dateUpdated": "2024-08-06T04:40:16.982Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "B248CC65-0394-4432-9520-52E99C17EA4A", "versionEndIncluding": "40.0.2214.85", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL."}, {"lang": "es", "value": "La API FileSystem en Google Chrome anterior a 40.0.2214.91 permite a atacantes remotos evadir el mecanismo de protecci\u00f3n de la navegaci\u00f3n segura para ficheros ejecutables (SafeBrowsing for Executable Files) mediante la creaci\u00f3n de un fichero .exe en un sistema de ficheros temporal y posteriormente hacer referencia a este fichero con una URL filesystem:http:."}], "id": "CVE-2015-1248", "lastModified": "2023-11-07T02:24:23.383", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2015-04-19T10:59:11.443", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0816.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.debian.org/security/2015/dsa-3238"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securitytracker.com/id/1032209"}, {"source": "chrome-cve-admin@google.com", "url": "https://code.google.com/p/chromium/issues/detail?id=380663"}, {"source": "chrome-cve-admin@google.com", "url": "https://security.gentoo.org/glsa/201506-04"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2015:0816", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "chromium-browser-0:42.0.2311.90-1.el6_6", "product_name": "Supplementary for Red Hat Enterprise Linux 6", "release_date": "2015-04-16T00:00:00Z"}], "bugzilla": {"description": "chromium-browser: SafeBrowsing bypass", "id": "1211930", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1211930"}, "csaw": false, "cvss": {"cvss_base_score": "6.4", "cvss_scoring_vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "status": "verified"}, "cwe": "CWE-352", "details": ["The FileSystem API in Google Chrome before 40.0.2214.91 allows remote attackers to bypass the SafeBrowsing for Executable Files protection mechanism by creating a .exe file in a temporary filesystem and then referencing this file with a filesystem:http: URL."], "name": "CVE-2015-1248", "public_date": "2015-04-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2015-1248\nhttps://nvd.nist.gov/vuln/detail/CVE-2015-1248\nhttp://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html"], "threat_severity": "Moderate", "upstream_fix": "Chrome 42.0.2311.90"}