CVE-2015-1211
The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI.Enginsight
Vendor | Product | Version |
---|---|---|
chrome | 𝑥 < 40.0.2214.111 | |
canonical | ubuntu_linux | 14.04 |
canonical | ubuntu_linux | 14.10 |
redhat | enterprise_linux_desktop | 6.0 |
redhat | enterprise_linux_eus | 6.6 |
redhat | enterprise_linux_server | 6.0 |
redhat | enterprise_linux_server_aus | 6.6 |
redhat | enterprise_linux_workstation | 6.0 |
opensuse | opensuse | 13.1 |
opensuse | opensuse | 13.2 |