Opera · Opera · CVE-2015-1236
**Name of the Vulnerable Software and Affected Versions**
Google Chrome versions prior to 42.0.2311.90
Opera (affected versions not specified)
**Description**
The issue concerns the MediaElementAudioSourceNode::process function in the Web Audio API implementation in Blink. This function allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.
**Recommendations**
For Google Chrome versions prior to 42.0.2311.90, update to version 42.0.2311.90 or later to resolve the issue.
For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.