The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Chrome
Published: 2015-02-06T11:00:00
Updated: 2017-09-07T15:57:01
Reserved: 2015-01-21T00:00:00
Link: CVE-2015-1211
JSON object: View
NVD Information
Status : Modified
Published: 2015-02-06T11:59:09.247
Modified: 2023-11-07T02:24:07.283
Link: CVE-2015-1211
JSON object: View
Redhat Information
No data.
CWE