Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2015-1300

The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a history.back call.

Related bugs and status

CVE-2015-1300 (Candidate) is related to these bugs:

Bug #1490237: Google image search not working

Summary				In	Importance	Status
	1490237	Google image search not working		chromium-browser (Ubuntu)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://googlechromerel...
CONFIRM: https://code.google.co...
MISC: https://github.com/w3c...
GENTOO: GLSA-201603-09
SUSE: openSUSE-SU-2015:1873
DEBIAN: DSA-3351
REDHAT: RHSA-2015:1712
SUSE: openSUSE-SU-2015:1586
SECTRACK: 1033472
CONFIRM: https://src.chromium.o...