Max CVSS 5.0 Min CVSS 4.3 Total Count2
IDCVSSSummaryLast (major) updatePublished
CVE-2015-1268 5.0
bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript
31-12-2016 - 02:59 26-06-2015 - 14:59
CVE-2015-1266 5.0
content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass inten
31-12-2016 - 02:59 26-06-2015 - 14:59
CVE-2015-1267 5.0
Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that uses a Blink publi
31-12-2016 - 02:59 26-06-2015 - 14:59
CVE-2015-1269 4.3
The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to b
31-12-2016 - 02:59 26-06-2015 - 14:59
Back to Top Mark selected
Back to Top