CVE-2015-1241 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:P/A:N

Base Score

CVSS 3.x

EPSS Score

Percentile: 85%

Affected Products (NVD)

Vendor	Product	Version
google	chrome	𝑥 < 42.0.2311.90
debian	debian_linux	8.0
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	14.10
canonical	ubuntu_linux	15.04
opensuse	opensuse	13.1
opensuse	opensuse	13.2
suse	linux_enterprise	12.0
redhat	enterprise_linux_desktop	6.0
redhat	enterprise_linux_eus	6.6
redhat	enterprise_linux_server	6.0
redhat	enterprise_linux_server_aus	6.6
redhat	enterprise_linux_server_eus	6.6
redhat	enterprise_linux_workstation	6.0

𝑥

= Vulnerable software versions

Ubuntu Releases

Ubuntu Product

Codename

chromium-browser

lucid	ignored
precise	ignored
trusty	Fixed 43.0.2357.81-0ubuntu0.14.04.1.1089 released
utopic	Fixed 43.0.2357.81-0ubuntu0.14.10.1.1131 released
vivid	Fixed 43.0.2357.81-0ubuntu0.15.04.1.1170 released
wily	Fixed 43.0.2357.81-0ubuntu1.1179 released

oxide-qt

lucid	dne
precise	dne
trusty	Fixed 1.6.5-0ubuntu0.14.04.1 released
utopic	Fixed 1.6.5-0ubuntu0.14.10.1 released
vivid	Fixed 1.6.5-0ubuntu0.15.04.1 released
wily	Fixed 1.7.7-0ubuntu0.15.04.1~ppa1 released

Known Exploits!

Common Weakness Enumeration

CWE-1021 - Improper Restriction of Rendered UI Layers or Frames
The web application does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with.

References

http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html

http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html

http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html

http://rhn.redhat.com/errata/RHSA-2015-0816.html

http://ubuntu.com/usn/usn-2570-1

http://www.debian.org/security/2015/dsa-3238

http://www.securitytracker.com/id/1032209

https://code.google.com/p/chromium/issues/detail?id=418402

https://codereview.chromium.org/628763003

https://codereview.chromium.org/660663002

https://codereview.chromium.org/717573004

https://codereview.chromium.org/868123002

https://security.gentoo.org/glsa/201506-04

http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html

http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html

http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html

http://rhn.redhat.com/errata/RHSA-2015-0816.html

http://ubuntu.com/usn/usn-2570-1

http://www.debian.org/security/2015/dsa-3238

http://www.securitytracker.com/id/1032209

https://code.google.com/p/chromium/issues/detail?id=418402

https://codereview.chromium.org/628763003

https://codereview.chromium.org/660663002

https://codereview.chromium.org/717573004

https://codereview.chromium.org/868123002

https://security.gentoo.org/glsa/201506-04