Upstream information
Description
content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass intended access restrictions via a similar URL, as demonstrated by use of http://gpu when there is a WebUI class for handling chrome://gpu requests.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
National Vulnerability Database | |
---|---|
Base Score | 5 |
Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Access Vector | Network |
Access Complexity | Low |
Authentication | None |
Confidentiality Impact | None |
Integrity Impact | Partial |
Availability Impact | None |
SUSE Security Advisories:
- openSUSE-SU-2015:1146-1
openSUSE-SU-2015:1872-1
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
openSUSE Leap 15.0 |
| Patchnames: openSUSE Leap 15.0 GA chromium-66.0.3359.170-lp150.1.1 |
openSUSE Leap 15.2 |
| Patchnames: openSUSE Leap 15.2 GA chromium-83.0.4103.97-lp152.1.1 |
openSUSE Leap 15.3 |
| Patchnames: openSUSE Leap 15.3 GA chromium-90.0.4430.212-bp153.1.1 |
openSUSE Leap 15.4 |
| Patchnames: openSUSE Leap 15.4 GA chromium-101.0.4951.64-bp154.1.2 |
openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-10171 openSUSE-Tumbleweed-2024-12948 |
SUSE Timeline for this CVE
CVE page created: Tue Jun 23 07:49:09 2015CVE page last modified: Sat Sep 7 19:15:42 2024