CVE-2015-1235

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 42.0.2311.90 Opera (affected versions not specified)

Description The issue is related to the ContainerNode::parserRemoveChild function in the HTML parser in Blink. It allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element. This could potentially allow an attacker to access data from other domains.

Recommendations For Google Chrome versions prior to 42.0.2311.90, update to version 42.0.2311.90 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of IFRAME elements in HTML documents to minimize the risk of exploitation.