CVE-2015-1300

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 45.0.2454.85 Opera versions prior to 45.0.2454.85

Description The issue is related to the FrameFetchContext::updateTimingInfoForIFrameNavigation function in the Blink component of Google Chrome, which does not properly restrict the availability of IFRAME Resource Timing API times. This allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a history.back call. The vulnerability can be exploited by a remote attacker to gain access to protected information.

Recommendations For Google Chrome versions prior to 45.0.2454.85, update to version 45.0.2454.85 or later to resolve the issue. For Opera versions prior to 45.0.2454.85, update to a version that includes the fix for this issue, as the exact version is not specified. As a temporary workaround, consider restricting the use of the history.back call in crafted JavaScript code to minimize the risk of exploitation.