CVE-2015-1266

Impact:
Important
Public Date:
2015-06-22
Bugzilla:
1234696: CVE-2015-1266 chromium-browser: Scheme validation error in WebUI

The MITRE CVE dictionary describes this issue as:

content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as demonstrated by use of http://gpu when there is a WebUI class for handling chrome://gpu requests.

Find out more about CVE-2015-1266 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 6.8
Base Metrics AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux Supplementary (v. 6) (chromium-browser) RHSA-2015:1188 2015-06-25

External References

Last Modified

CVE description copyright © 2017, The MITRE Corporation