← back
CVE-2015-1211

CVE-2015-1211

EPSS 2.1%
The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.htmlhttp://googlechromereleases.blogspot.com/2015/02/stable-channel-update.htmlhttp://lists.opensuse.org/opensuse-security-announce/2015-03/msg00005.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0163.htmlhttps://code.google.com/p/chromium/issues/detail?id=453982https://codereview.chromium.org/889323002http://secunia.com/advisories/62670http://secunia.com/advisories/62818http://secunia.com/advisories/62917http://secunia.com/advisories/62925http://security.gentoo.org/glsa/glsa-201502-13.xmlhttps://exchange.xforce.ibmcloud.com/vulnerabilities/100717