CVE-2015-1268

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 43.0.2357.130 Opera (affected versions not specified)

Description The issue is related to the bindings/scripts/v8 types.py file in Blink, which does not properly select a creation context for a return value's DOM wrapper. This allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, for example, by using a data: URL. The vulnerability can be exploited by a remote attacker to bypass access restrictions using JavaScript that utilizes the Blink API.

Recommendations For Google Chrome versions prior to 43.0.2357.130, update to version 43.0.2357.130 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.