Google Chrome bypassing same-origin policy vulnerabilities (CVE-2015-1268)
Google Chrome bypassing same-origin policy vulnerabilities (CVE-2015-1268)
Release date:
Updated on:
Affected Systems:
Google Chrome < 43.0.2357.130
Description:
CVE (CAN) ID: CVE-2015-1268
Google Chrome is a Web browser tool developed by Google.
In versions earlier than Google Chrome 43.0.2357.130, bindings/scripts/v8_types.py in Blink does not properly select the creation context of the returned DOM package, which allows remote attackers to construct JS Code, this vulnerability bypasses the same-origin policy.
<* Source: Mariusz Mlynski
*>
Suggestion:
Vendor patch:
Google
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://googlechromereleases.blogspot.com/2015/06/chrome-stable-update.html
Https://src.chromium.org/viewvc/blink? Revision = 196373 & view = revision
Https://code.google.com/p/chromium/issues/detail? Id = 494640
Install Google Chrome in Ubuntu 14.04 LTS
Solution to Chrome dependency installation in Ubuntu 13.04
Install Chrome in openSUSE
Install Google Chrome 35 Beta for Linux Users
Install Google Chrome in CentOS 6.x
Chrome details: click here
Chrome: click here
This article permanently updates the link address: