CVE-2015-1233 - OpenCVE

Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel
Microsoft	Windows
Google	Chrome
Apple	Macos

Configuration 1 [-]

AND

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:apple:macos::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:microsoft:windows::::::::

References

Link	Resource
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html
http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00004.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html
http://rhn.redhat.com/errata/RHSA-2015-0778.html
http://www.securityfocus.com/bid/73484
http://www.securitytracker.com/id/1032012
http://www.ubuntu.com/usn/USN-2556-1
https://code.google.com/p/chromium/issues/detail?id=469058
https://security.gentoo.org/glsa/201506-04

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: Chrome

Published: 2015-04-01T21:00:00

Updated: 2016-12-20T16:57:01

Reserved: 2015-01-21T00:00:00

Link: CVE-2015-1233

JSON object: View

NVD Information

Status : Modified

Published: 2015-04-01T21:59:00.067

Modified: 2023-11-07T02:24:16.857

Link: CVE-2015-1233

JSON object: View

Redhat Information

No data.

CWE

CWE-17

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-04-01T00:00:00", "descriptions": [{"lang": "en", "value": "Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-20T16:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/chromium/issues/detail?id=469058"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html"}, {"name": "openSUSE-SU-2015:1887", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html"}, {"name": "USN-2556-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-2556-1"}, {"name": "GLSA-201506-04", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201506-04"}, {"name": "openSUSE-SU-2015:0682", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00004.html"}, {"name": "1032012", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032012"}, {"name": "RHSA-2015:0778", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0778.html"}, {"name": "73484", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/73484"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2015-1233", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://code.google.com/p/chromium/issues/detail?id=469058", "refsource": "CONFIRM", "url": "https://code.google.com/p/chromium/issues/detail?id=469058"}, {"name": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html"}, {"name": "openSUSE-SU-2015:1887", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html"}, {"name": "USN-2556-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2556-1"}, {"name": "GLSA-201506-04", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201506-04"}, {"name": "openSUSE-SU-2015:0682", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00004.html"}, {"name": "1032012", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032012"}, {"name": "RHSA-2015:0778", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0778.html"}, {"name": "73484", "refsource": "BID", "url": "http://www.securityfocus.com/bid/73484"}]}}}}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2015-1233", "datePublished": "2015-04-01T21:00:00", "dateReserved": "2015-01-21T00:00:00", "dateUpdated": "2016-12-20T16:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "1CC5EBD4-B7ED-4C4D-9241-C20CC9CC948F", "versionEndIncluding": "41.0.2272.102", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C56F007-5F8E-4BDD-A803-C907BCC0AF55", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "155AD4FB-E527-4103-BCEF-801B653DEA37", "vulnerable": false}, {"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors."}, {"lang": "es", "value": "Google Chrome anterior a 41.0.2272.118 no maneja correctamente la interacci\u00f3n de IPC, la API Gamepad y Google V8, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de vectores no especificados."}], "id": "CVE-2015-1233", "lastModified": "2023-11-07T02:24:16.857", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-04-01T21:59:00.067", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00004.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://rhn.redhat.com/errata/RHSA-2015-0778.html"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/73484"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securitytracker.com/id/1032012"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.ubuntu.com/usn/USN-2556-1"}, {"source": "chrome-cve-admin@google.com", "url": "https://code.google.com/p/chromium/issues/detail?id=469058"}, {"source": "chrome-cve-admin@google.com", "url": "https://security.gentoo.org/glsa/201506-04"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-17"}], "source": "nvd@nist.gov", "type": "Primary"}]}