CVE-2015-1236

EUVD-2015-1377
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
Affected Products (NVD)
VendorProductVersion
googlechrome
𝑥
≤ 42.0.2311.60
canonicalubuntu_linux
14.04
canonicalubuntu_linux
14.10
canonicalubuntu_linux
15.04
debiandebian_linux
8.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
lucid
ignored
precise
ignored
trusty
Fixed 43.0.2357.81-0ubuntu0.14.04.1.1089
released
utopic
Fixed 43.0.2357.81-0ubuntu0.14.10.1.1131
released
vivid
Fixed 43.0.2357.81-0ubuntu0.15.04.1.1170
released
wily
Fixed 43.0.2357.81-0ubuntu1.1179
released
oxide-qt
lucid
dne
precise
dne
trusty
Fixed 1.6.5-0ubuntu0.14.04.1
released
utopic
Fixed 1.6.5-0ubuntu0.14.10.1
released
vivid
Fixed 1.6.5-0ubuntu0.15.04.1
released
wily
Fixed 1.7.7-0ubuntu0.15.04.1~ppa1
released
Common Weakness Enumeration
References
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html
http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html
http://rhn.redhat.com/errata/RHSA-2015-0816.html
http://ubuntu.com/usn/usn-2570-1
http://www.debian.org/security/2015/dsa-3238
http://www.securitytracker.com/id/1032209
https://code.google.com/p/chromium/issues/detail?id=313939
https://security.gentoo.org/glsa/201506-04
https://src.chromium.org/viewvc/blink?revision=189527&view=revision
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html
http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html
http://rhn.redhat.com/errata/RHSA-2015-0816.html
http://ubuntu.com/usn/usn-2570-1
http://www.debian.org/security/2015/dsa-3238
http://www.securitytracker.com/id/1032209
https://code.google.com/p/chromium/issues/detail?id=313939
https://security.gentoo.org/glsa/201506-04
https://src.chromium.org/viewvc/blink?revision=189527&view=revision