CVE-2015-1302

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 46.0.2490.86

Description The issue exists due to insufficient input validation in the PDF viewer component of Google Chrome. This allows a remote attacker to bypass existing access restrictions or load a plugin by manipulating components such as pdf.js and out of process instance.cc. The vulnerability can be exploited to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading.

Recommendations For Google Chrome versions prior to 46.0.2490.86, update to version 46.0.2490.86 or later to resolve the issue. As a temporary workaround, consider disabling the pdf.js component until a patch is available. Restrict access to the out of process instance.cc component to minimize the risk of exploitation. Avoid using the PDF viewer in Google Chrome until the issue is resolved.