CVE-2015-1293

Upstream information

CVE-2015-1293 at MITRE

Description

The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors.

---

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores

	National Vulnerability Database
Base Score	7.5
Vector	AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector	Network
Access Complexity	Low
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	Partial
Availability Impact	Partial

SUSE Bugzilla entry: 944144 [RESOLVED / FIXED]

SUSE Security Advisories:

• openSUSE-SU-2015:1586-1, published Mon, 21 Sep 2015 13:10:03 +0200 (CEST)
• openSUSE-SU-2015:1873-1, published Mon, 2 Nov 2015 16:34:31 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE 13.1	chromedriver >= 45.0.2454.85-98.1 chromedriver-debuginfo >= 45.0.2454.85-98.1 chromium >= 45.0.2454.85-98.1 chromium-debuginfo >= 45.0.2454.85-98.1 chromium-debugsource >= 45.0.2454.85-98.1 chromium-desktop-gnome >= 45.0.2454.85-98.1 chromium-desktop-kde >= 45.0.2454.85-98.1 chromium-ffmpegsumo >= 45.0.2454.85-98.1 chromium-ffmpegsumo-debuginfo >= 45.0.2454.85-98.1	Patchnames: openSUSE-2015-595
openSUSE Leap 15.0	chromium >= 66.0.3359.170-lp150.1.1	Patchnames: openSUSE Leap 15.0 GA chromium
openSUSE Tumbleweed	chromedriver >= 55.0.2883.75-3.1 chromium >= 55.0.2883.75-3.1	Patchnames: openSUSE Tumbleweed GA chromedriver