Google Chrome bypassing same-origin policy vulnerabilities (CVE-2015-1268)

Google Chrome bypassing same-origin policy vulnerabilities (CVE-2015-1268)
Google Chrome bypassing same-origin policy vulnerabilities (CVE-2015-1268)

Release date:
Updated on:

Affected Systems:

Google Chrome < 43.0.2357.130

Description:

CVE (CAN) ID: CVE-2015-1268

Google Chrome is a Web browser tool developed by Google.

In versions earlier than Google Chrome 43.0.2357.130, bindings/scripts/v8_types.py in Blink does not properly select the creation context of the returned DOM package, which allows remote attackers to construct JS Code, this vulnerability bypasses the same-origin policy.

<* Source: Mariusz Mlynski
*>

Suggestion:

Vendor patch:

Google
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:

Http://googlechromereleases.blogspot.com/2015/06/chrome-stable-update.html
Https://src.chromium.org/viewvc/blink? Revision = 196373 & view = revision
Https://code.google.com/p/chromium/issues/detail? Id = 494640

Install Google Chrome in Ubuntu 14.04 LTS

Solution to Chrome dependency installation in Ubuntu 13.04

Install Chrome in openSUSE

Install Google Chrome 35 Beta for Linux Users

Install Google Chrome in CentOS 6.x

Chrome details: click here
Chrome: click here

This article permanently updates the link address: