CVE-2015-1267

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 43.0.2357.130

Description The issue is related to errors in security settings of the Blink component in Google Chrome, allowing a remote attacker to bypass access restrictions using JavaScript that utilizes the Blink API. This is achieved by exploiting improper restrictions on the creation context during the creation of a DOM wrapper, enabling remote attackers to bypass the Same Origin Policy via crafted JavaScript code. The affected components include WebArrayBufferConverter.cpp, WebBlob.cpp, WebDOMError.cpp, and WebDOMFileSystem.cpp.

Recommendations For Google Chrome versions prior to 43.0.2357.130, update to version 43.0.2357.130 or later to resolve the issue. As a temporary workaround, consider restricting the use of JavaScript code that utilizes the Blink public API until a patch is available.