CVE-2015-1261

android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading popup content via crafted text.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html
http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html
http://www.debian.org/security/2015/dsa-3267
http://www.securityfocus.com/bid/74723
http://www.securitytracker.com/id/1032375
https://code.google.com/p/chromium/issues/detail?id=466351
https://codereview.chromium.org/1011383005
https://codereview.chromium.org/1056743002
https://codereview.chromium.org/1077483002
http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html
http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html
http://www.debian.org/security/2015/dsa-3267
http://www.securityfocus.com/bid/74723
http://www.securitytracker.com/id/1032375
https://code.google.com/p/chromium/issues/detail?id=466351
https://codereview.chromium.org/1011383005
https://codereview.chromium.org/1056743002
https://codereview.chromium.org/1077483002

Configurations

Configuration 1 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:android:*:*

History

21 Nov 2024, 02:25

Type	Values Removed	Values Added
References	~~() http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html -~~	() http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html -
References	~~() http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html -~~	() http://lists.opensuse.org/opensuse-updates/2015-05/msg00091.html -
References	~~() http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html -~~	() http://lists.opensuse.org/opensuse-updates/2015-11/msg00015.html -
References	~~() http://www.debian.org/security/2015/dsa-3267 -~~	() http://www.debian.org/security/2015/dsa-3267 -
References	~~() http://www.securityfocus.com/bid/74723 -~~	() http://www.securityfocus.com/bid/74723 -
References	~~() http://www.securitytracker.com/id/1032375 -~~	() http://www.securitytracker.com/id/1032375 -
References	~~() https://code.google.com/p/chromium/issues/detail?id=466351 -~~	() https://code.google.com/p/chromium/issues/detail?id=466351 -
References	~~() https://codereview.chromium.org/1011383005 -~~	() https://codereview.chromium.org/1011383005 -
References	~~() https://codereview.chromium.org/1056743002 -~~	() https://codereview.chromium.org/1056743002 -
References	~~() https://codereview.chromium.org/1077483002 -~~	() https://codereview.chromium.org/1077483002 -

Information

Published : 2015-05-20 10:59

Updated : 2024-11-21 02:25

NVD link : CVE-2015-1261

Mitre link : CVE-2015-1261

CVE.ORG link : CVE-2015-1261

JSON object : View

Products Affected

google

chrome

debian

debian_linux

CWE

CWE-20

Improper Input Validation

5.0 /10