ID CVE-2015-1269
Summary The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to bypass intended access restrictions via a string that (1) ends in a . (dot) character or (2) is not entirely lowercase.
References
Vulnerable Configurations
  • Google Chrome 43.0.2357.81
    cpe:2.3:a:google:chrome:43.0.2357.81
CVSS
Base: 4.3 (as of 05-04-2016 - 14:40)
Impact:
Exploitability:
CWE CWE-254
CAPEC
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: NONE
  Integrity: PARTIAL
  Availability: NONE
nessus via4
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3315.NASL
    description Several vulnerabilities were discovered in the chromium web browser.
      - CVE-2015-1266 Intended access restrictions could be bypassed for certain URLs like chrome://gpu.
      - CVE-2015-1267 A way to bypass the Same Origin Policy was discovered.
      - CVE-2015-1268 Mariusz Mlynski also discovered a way to bypass the Same Origin Policy.
      - CVE-2015-1269 Mike Ruddy discovered that hostnames were not properly compared in the HTTP Strict Transport Policy and HTTP Public Key Pinning features, which could allow those access restrictions to be bypassed.
      - CVE-2015-1270 Atte Kettunen discovered an uninitialized memory read in the ICU library.
      - CVE-2015-1271 cloudfuzzer discovered a buffer overflow in the pdfium library.
      - CVE-2015-1272 Chamal de Silva discovered race conditions in the GPU process implementation.
      - CVE-2015-1273 makosoft discovered a buffer overflow in openjpeg, which is used by the pdfium library embedded in chromium.
      - CVE-2015-1274 andrewm.bpi discovered that the auto-open list allowed certain file types to be executed immediately after download.
      - CVE-2015-1276 Colin Payne discovered a use-after-free issue in the IndexedDB implementation.
      - CVE-2015-1277 SkyLined discovered a use-after-free issue in chromium's accessibility implementation.
      - CVE-2015-1278 Chamal de Silva discovered a way to use PDF documents to spoof a URL.
      - CVE-2015-1279 mlafon discovered a buffer overflow in the pdfium library.
      - CVE-2015-1280 cloudfuzzer discovered a memory corruption issue in the SKIA library.
      - CVE-2015-1281 Masato Kinugawa discovered a way to bypass the Content Security Policy.
      - CVE-2015-1282 Chamal de Silva discovered multiple use-after-free issues in the pdfium library.
      - CVE-2015-1283 Huzaifa Sidhpurwala discovered a buffer overflow in the expat library.
      - CVE-2015-1284 Atte Kettunen discovered that the maximum number of page frames was not correctly checked.
      - CVE-2015-1285 gazheyes discovered an information leak in the XSS auditor, which normally helps to prevent certain classes of cross-site scripting problems.
      - CVE-2015-1286 A cross-site scripting issue was discovered in the interface to the v8 JavaScript library.
      - CVE-2015-1287 filedescriptor discovered a way to bypass the Same Origin Policy.
      - CVE-2015-1288 Mike Ruddy discovered that the spellchecking dictionaries could still be downloaded over plain HTTP (related to CVE-2015-1263).
      - CVE-2015-1289 The chrome 44 development team found and fixed various issues during internal auditing.
    In addition to the above issues, Google disabled the hotword extension by default in this version, which if enabled downloads files without the user's intervention.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 84992
    published 2015-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84992
    title Debian DSA-3315-1 : chromium-browser - security update
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_D46ED7B8191211E59FDF00262D5ED8EE.NASL
    description Google Chrome Releases reports 4 security fixes in this release:
      - [464922] High CVE-2015-1266: Scheme validation error in WebUI. Credit to anonymous.
      - [494640] High CVE-2015-1268: Cross-origin bypass in Blink. Credit to Mariusz Mlynski.
      - [497507] Medium CVE-2015-1267: Cross-origin bypass in Blink. Credit to anonymous.
      - [461481] Medium CVE-2015-1269: Normalization error in HSTS/HPKP preload list. Credit to Mike Ruddy.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 84327
    published 2015-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84327
    title FreeBSD : www/chromium -- multiple vulnerabilities (d46ed7b8-1912-11e5-9fdf-00262d5ed8ee)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-2652-1.NASL
    description It was discovered that Chromium did not properly consider the scheme when determining whether a URL is associated with a WebUI SiteInstance. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. (CVE-2015-1266) It was discovered that Blink did not properly restrict the creation context during creation of a DOM wrapper. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. (CVE-2015-1267, CVE-2015-1268) It was discovered that Chromium did not properly canonicalize DNS hostnames before comparing to HSTS or HPKP preload entries. An attacker could potentially exploit this to bypass intended access restrictions. (CVE-2015-1269) Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 84487
    published 2015-07-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84487
    title Ubuntu 14.04 LTS / 14.10 / 15.04 : oxide-qt vulnerabilities (USN-2652-1)
  • NASL family Windows
    NASL id GOOGLE_CHROME_43_0_2357_130.NASL
    description The version of Google Chrome installed on the remote Windows host is prior to 43.0.2357.130. It is, therefore, affected by multiple vulnerabilities:
      - A scheme validation error exists in WebUI. A remote attacker can exploit this to have an unspecified impact. (CVE-2015-1266)
      - A cross-origin bypass vulnerability exists in Blink due to an unspecified flaw that is triggered when handling the creation context passed through public APIs. A remote attacker can exploit this to bypass the cross-origin policy. (CVE-2015-1267)
      - A cross-origin bypass vulnerability exists in Blink due to an unspecified flaw in its V8 bindings. A remote attacker can exploit this to bypass the cross-origin policy. (CVE-2015-1268)
      - A normalization bypass vulnerability exists in the HSTS/HPKP preload list. A remote attacker can exploit this to bypass HSTS/HPKP preloads and have a connection use HTTP instead of the expected HTTPS. (CVE-2015-1269)
    Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-07-12
    plugin id 84342
    published 2015-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84342
    title Google Chrome < 43.0.2357.130 Multiple Vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201507-18.NASL
    description The remote host is affected by the vulnerability described in GLSA-201507-18 (Chromium: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in Chromium. Please review the CVE identifiers referenced below for details. Impact: A remote attacker could bypass security restrictions. Workaround: There is no known workaround at this time.
    last seen 2019-02-21
    modified 2015-09-23
    plugin id 86087
    published 2015-09-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=86087
    title GLSA-201507-18 : Chromium: Multiple vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-449.NASL
    description chromium was updated to 43.0.2357.130 to fix several security issues and bugs. The following vulnerabilities were fixed:
      - CVE-2015-1266: Scheme validation error in WebUI
      - CVE-2015-1268: Cross-origin bypass in Blink
      - CVE-2015-1267: Cross-origin bypass in Blink
      - CVE-2015-1269: Normalization error in HSTS/HPKP preload list
      - boo#935022: Prevent Chromium from downloading a binary blob for speech recognition
    Contains the following non-security changes:
      - resolved browser font magnification/scaling issue.
      - Fixed an issue where sometimes a blank page would print
      - Icons not displaying properly on Linux
    last seen 2019-02-21
    modified 2015-07-26
    plugin id 84415
    published 2015-06-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84415
    title openSUSE Security Update : chromium (openSUSE-2015-449)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2015-1188.NASL
    description Updated chromium-browser packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6 Supplementary. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Chromium is an open source web browser, powered by WebKit (Blink). Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. (CVE-2015-1266, CVE-2015-1267, CVE-2015-1268, CVE-2015-1269) All Chromium users should upgrade to these updated packages, which contain Chromium version 43.0.2357.130, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 84420
    published 2015-06-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84420
    title RHEL 6 : chromium-browser (RHSA-2015:1188)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_GOOGLE_CHROME_43_0_2357_130.NASL
    description The version of Google Chrome installed on the remote Mac OS X host is prior to 43.0.2357.130. It is, therefore, affected by multiple vulnerabilities:
      - A scheme validation error exists in WebUI. A remote attacker can exploit this to have an unspecified impact. (CVE-2015-1266)
      - A cross-origin bypass vulnerability exists in Blink due to an unspecified flaw that is triggered when handling the creation context passed through public APIs. A remote attacker can exploit this to bypass the cross-origin policy. (CVE-2015-1267)
      - A cross-origin bypass vulnerability exists in Blink due to an unspecified flaw in its V8 bindings. A remote attacker can exploit this to bypass the cross-origin policy. (CVE-2015-1268)
      - A normalization bypass vulnerability exists in the HSTS/HPKP preload list. A remote attacker can exploit this to bypass HSTS/HPKP preloads and have a connection use HTTP instead of the expected HTTPS. (CVE-2015-1269)
    Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 84343
    published 2015-06-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=84343
    title Google Chrome < 43.0.2357.130 Multiple Vulnerabilities (Mac OS X)
redhat via4
advisories
rhsa
id RHSA-2015:1188
refmap via4
bid 75336
confirm
debian DSA-3315
gentoo GLSA-201507-18
sectrack 1032731
suse
  • openSUSE-SU-2015:1146
  • openSUSE-SU-2015:1872
ubuntu USN-2652-1
Last major update 30-12-2016 - 21:59
Published 26-06-2015 - 10:59