The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Google
  • Chrome
Redhat
  • Rhel Extras

Configuration 1 [-]

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 6 Supplementary
chromium-browser-0:45.0.2454.85-2.el6 cpe:/a:redhat:rhel_extras:6 RHSA-2015:1712 2015-09-03T00:00:00Z
References
Link Providers
http://googlechromereleases.blogspot.com/2015/09/stable-channel-update.html cve-icon cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2015-09/msg00029.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2015-11/msg00013.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2015-1712.html cve-icon cve-icon
http://www.debian.org/security/2015/dsa-3351 cve-icon cve-icon
http://www.securitytracker.com/id/1033472 cve-icon cve-icon
https://code.google.com/p/chromium/issues/detail?id=522791 cve-icon cve-icon
https://codereview.chromium.org/1307883002/ cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2015-1292 cve-icon
https://security.gentoo.org/glsa/201603-09 cve-icon cve-icon
https://src.chromium.org/viewvc/blink?revision=201055&view=revision cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2015-1292 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2015-09-03T22:00:00

Updated: 2024-08-06T04:40:18.569Z

Reserved: 2015-01-21T00:00:00

Link: CVE-2015-1292

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2015-09-03T22:59:01.937

Modified: 2024-11-21T02:25:05.390

Link: CVE-2015-1292

cve-icon Redhat

Severity : Important

Publid Date: 2015-09-01T00:00:00Z

Links: CVE-2015-1292 - Bugzilla