PT-2015-1200 · Google+2 · Google Chrome+2

Juho Nurminen

Publicado

2015-05-20

Atualizado

2024-06-15

CVE-2015-1261

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 43.0.2357.65 on Android

Description The issue concerns the WebsiteSettingsPopup.java file in Google Chrome, which does not properly restrict the use of a URL's fragment identifier during the construction of a page-info popup. This allows remote attackers to spoof the URL bar or deliver misleading popup content via crafted text.

Recommendations For versions prior to 43.0.2357.65, update to version 43.0.2357.65 or later to resolve the issue.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

ALT-PU-2015-1589

BDU:2015-10134

CVE-2015-1261

DSA-3267-1

OPENSUSE-SU-2024:10171-1

OPENSUSE-SU-2024:12948-1

RHSA-2015:1023

RHSA-2015_1023

Produtos afetados

Alt Linux

Google Chrome

Red Hat

PT-2015-1200 · Google+2 · Google Chrome+2

CVE-2015-1261

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2449