ID | CVE-2015-3334 |
Summary | browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive video data from a device's physical environment via a crafted web site that turns on the camera at a time when the user believes that camera access is prohibited. |
References |
|
Vulnerable Configurations |
-
Google Chrome 42.0.2311.60
cpe:2.3:a:google:chrome:42.0.2311.60
-
Debian Linux 7.0
cpe:2.3:o:debian:debian_linux:7.0
-
Debian Linux 8.0 (Jessie)
cpe:2.3:o:debian:debian_linux:8.0
-
OpenSUSE 13.1
cpe:2.3:o:opensuse:opensuse:13.1
-
OpenSUSE 13.2
cpe:2.3:o:opensuse:opensuse:13.2
|
CVSS |
Base: | 4.3 (as of 03-01-2017 - 13:33) |
Impact: | |
Exploitability: | |
|
CWE | CWE-17 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK | MEDIUM | NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL | NONE | NONE |
|
nessus
via4
|
NASL family | Debian Local Security Checks | NASL id | DEBIAN_DSA-3238.NASL |
description | Several vulnerabilities were discovered in the chromium web browser.
- CVE-2015-1235
A Same Origin Policy bypass issue was discovered in the
HTML parser.
- CVE-2015-1236
Amitay Dobo discovered a Same Origin Policy bypass in
the Web Audio API.
- CVE-2015-1237
Khalil Zhani discovered a use-after-free issue in IPC.
- CVE-2015-1238
'cloudfuzzer' discovered an out-of-bounds write in the
skia library.
- CVE-2015-1240
'w3bd3vil' discovered an out-of-bounds read in the WebGL
implementation.
- CVE-2015-1241
Phillip Moon and Matt Weston discovered a way to trigger
local user interface actions remotely via a crafted
website.
- CVE-2015-1242
A type confusion issue was discovered in the v8
JavaScript library.
- CVE-2015-1244
Mike Ruddy discovered a way to bypass the HTTP Strict
Transport Security policy.
- CVE-2015-1245
Khalil Zhani discovered a use-after-free issue in the
pdfium library.
- CVE-2015-1246
Atte Kettunen discovered an out-of-bounds read issue in
webkit/blink.
- CVE-2015-1247
Jann Horn discovered that 'file:' URLs in OpenSearch
documents were not sanitized, which could allow local
files to be read remotely when using the OpenSearch
feature from a crafted website.
- CVE-2015-1248
Vittorio Gambaletta discovered a way to bypass the
SafeBrowsing feature, which could allow the remote
execution of a downloaded executable file.
- CVE-2015-1249
The chrome 41 development team found various issues from
internal fuzzing, audits, and other studies.
- CVE-2015-3333
Multiple issues were discovered and fixed in v8
4.2.7.14.
- CVE-2015-3334
It was discovered that remote websites could capture
video data from attached web cameras without permission.
- CVE-2015-3336
It was discovered that remote websites could cause user
interface disruptions like window fullscreening and
mouse pointer locking. |
last seen | 2019-01-16 | modified | 2018-11-10 | plugin id | 83120 | published | 2015-04-29 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=83120 | title | Debian DSA-3238-1 : chromium-browser - security update |
NASL family | Windows | NASL id | GOOGLE_CHROME_42_0_2311_90.NASL |
description | The version of Google Chrome installed on the remote Windows host is
prior to 42.0.2311.90. It is, therefore, affected by multiple
vulnerabilities :
- A cross-origin bypass vulnerability exists due to an
unspecified flaw in the HTML parser. (CVE-2015-1235)
- A cross-origin bypass vulnerability exists due to a flaw
in MediaElementAudioSourceNode.cpp when handling audio
content. (CVE-2015-1236)
- A use-after-free error exists in render_frame_impl.cc
due to improper handling of a frame when it receives
messages while detaching. An attacker can exploit this
flaw to dereference already freed memory and execute
arbitrary code. (CVE-2015-1237)
- An unspecified out-of-bounds write flaw exists in the
Skia filters. (CVE-2015-1238)
- An out-of-bounds read flaw exists in WebGL due to
improper handling of ES3 commands. An attacker can
exploit this flaw to disclose memory contents.
(CVE-2015-1240)
- An unspecified tap-jacking flaw exists when certain tap
events aren't preceded by TapDown events. An attacker
can exploit this to direct taps to cross-pages and
cross-domains. (CVE-2015-1241)
- A type confusion error exists in the
ReduceTransitionElementsKind() function in
hydrogen-check-elimination.cc. An attacker can exploit
this error to execute arbitrary code. (CVE-2015-1242)
- A flaw exists related to WebSocket connections due to
HTTP Strict Transport Security (HSTS) not being strictly
enforced. A man-in-the-middle attacker can exploit this
flaw to view and manipulate protected communication.
(CVE-2015-1244)
- A use-after-free error exists in
open_pdf_in_reader_view.cc due to improper handling of
the 'Open PDF in Reader' bubble on navigations.
An attacker can exploit this flaw to dereference already
freed memory and execute arbitrary code. (CVE-2015-1245)
- An unspecified out-of-bounds read flaw exists in Blink.
An attacker can exploit this to disclose memory
contents. (CVE-2015-1246)
- A flaw exists in the OnPageHasOSDD() function in
search_engine_tab_helper.cc due to improper handling
of URLs for the OpenSearch descriptor. An attacker can
exploit this flaw to disclose sensitive information.
(CVE-2015-1247)
- An unspecified flaw exists that allows an attacker to
bypass SafeBrowsing. (CVE-2015-1248)
- Multiple unspecified vulnerabilities exist that allow an
attacker to have an unspecified impact. (CVE-2015-1249)
- Multiple unspecified vulnerabilities exist in V8 that
allow an attacker to cause a denial of service and
other unspecified impacts.
(CVE-2015-3333)
- A media permission handling weakness exists due to
camera and microphone permissions being merged into a
single 'Media' permission. An attacker can exploit this,
via a specially crafted website, to turn on a victim's
camera while the victim believes camera access is
prohibited. (CVE-2015-3334)
- A flaw exists due to missing address space usage
limitation (RLIMIT_AS and RLIMIT_DATA) in the Native
Client (NaCl) process. This allows a remote attacker to
run a crafted program in the NaCl sandbox and to conduct
row-hammer attacks. (CVE-2015-3335)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number. |
last seen | 2019-01-16 | modified | 2018-07-12 | plugin id | 82825 | published | 2015-04-16 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=82825 | title | Google Chrome < 42.0.2311.90 Multiple Vulnerabilities |
NASL family | SuSE Local Security Checks | NASL id | OPENSUSE-2015-320.NASL |
description | Chromium was updated to latest stable release 42.0.2311.90 to fix
security issues and bugs. The following vulnerabilities were fixed :
- CVE-2015-1235: Cross-origin-bypass in HTML parser.
- CVE-2015-1236: Cross-origin-bypass in Blink.
- CVE-2015-1237: Use-after-free in IPC.
- CVE-2015-1238: Out-of-bounds write in Skia.
- CVE-2015-1240: Out-of-bounds read in WebGL.
- CVE-2015-1241: Tap-Jacking.
- CVE-2015-1242: Type confusion in V8.
- CVE-2015-1244: HSTS bypass in WebSockets.
- CVE-2015-1245: Use-after-free in PDFium.
- CVE-2015-1246: Out-of-bounds read in Blink.
- CVE-2015-1247: Scheme issues in OpenSearch.
- CVE-2015-1248: SafeBrowsing bypass.
- CVE-2015-1249: Various fixes from internal audits,
fuzzing and other initiatives.
- CVE-2015-3333: Multiple vulnerabilities in V8 fixed at
the tip of the 4.2 branch (currently 4.2.77.14).
- CVE-2015-3336: fullscreen and UI locking without user
confirmation
- CVE-2015-3335: unspecified impact of crafted programs
running in NaCl sandbox
- CVE-2015-3334: 'Media: Allowed by you' sometimes not
shown in a permissions table
New functionality added :
- A number of new apps, extension and Web Platform APIs
(including the Push API!)
- Lots of under-the-hood changes for stability and
performance |
last seen | 2019-01-16 | modified | 2015-05-24 | plugin id | 83025 | published | 2015-04-23 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=83025 | title | openSUSE Security Update : Chromium (openSUSE-2015-320) |
NASL family | MacOS X Local Security Checks | NASL id | MACOSX_GOOGLE_CHROME_42_0_2311_90.NASL |
description | The version of Google Chrome installed on the remote Mac OS X host is
prior to 42.0.2311.90. It is, therefore, affected by multiple
vulnerabilities :
- A cross-origin bypass vulnerability exists due to an
unspecified flaw in the HTML parser. (CVE-2015-1235)
- A cross-origin bypass vulnerability exists due to a flaw
in MediaElementAudioSourceNode.cpp when handling audio
content. (CVE-2015-1236)
- A use-after-free error exists in render_frame_impl.cc
due to improper handling of a frame when it receives
messages while detaching. An attacker can exploit this
flaw to dereference already freed memory and execute
arbitrary code. (CVE-2015-1237)
- An unspecified out-of-bounds write flaw exists in the
Skia filters. (CVE-2015-1238)
- An out-of-bounds read flaw exists in WebGL due to
improper handling of ES3 commands. An attacker can
exploit this flaw to disclose memory contents.
(CVE-2015-1240)
- An unspecified tap-jacking flaw exists when certain tap
events aren't preceded by TapDown events. An attacker
can exploit this to direct taps to cross-pages and
cross-domains. (CVE-2015-1241)
- A type confusion error exists in the
ReduceTransitionElementsKind() function in
hydrogen-check-elimination.cc. An attacker can exploit
this error to execute arbitrary code. (CVE-2015-1242)
- A flaw exists related to WebSocket connections due to
HTTP Strict Transport Security (HSTS) not being strictly
enforced. A man-in-the-middle attacker can exploit this
flaw to view and manipulate protected communication.
(CVE-2015-1244)
- A use-after-free error exists in
open_pdf_in_reader_view.cc due to improper handling of
the 'Open PDF in Reader' bubble on navigations.
An attacker can exploit this flaw to dereference already
freed memory and execute arbitrary code. (CVE-2015-1245)
- An unspecified out-of-bounds read flaw exists in Blink.
An attacker can exploit this to disclose memory
contents. (CVE-2015-1246)
- A flaw exists in the OnPageHasOSDD() function in
search_engine_tab_helper.cc due to improper handling
of URLs for the OpenSearch descriptor. An attacker can
exploit this flaw to disclose sensitive information.
(CVE-2015-1247)
- An unspecified flaw exists that allows an attacker to
bypass SafeBrowsing. (CVE-2015-1248)
- Multiple unspecified vulnerabilities exist that allow an
attacker to have an unspecified impact. (CVE-2015-1249)
- Multiple unspecified vulnerabilities exist in V8 that
allow an attacker to cause a denial of service and
other unspecified impacts.
(CVE-2015-3333)
- A media permission handling weakness exists due to
camera and microphone permissions being merged into a
single 'Media' permission. An attacker can exploit this,
via a specially crafted website, to turn on a victim's
camera while the victim believes camera access is
prohibited. (CVE-2015-3334)
- A flaw exists due to missing address space usage
limitation (RLIMIT_AS and RLIMIT_DATA) in the Native
Client (NaCl) process. This allows a remote attacker to
run a crafted program in the NaCl sandbox and to conduct
row-hammer attacks. (CVE-2015-3335)
Note that Nessus has not tested for these issues but has instead
relied only on the application's self-reported version number. |
last seen | 2019-01-16 | modified | 2018-07-14 | plugin id | 82826 | published | 2015-04-16 | reporter | Tenable | source | https://www.tenable.com/plugins/index.php?view=single&id=82826 | title | Google Chrome < 42.0.2311.90 Multiple Vulnerabilities (Mac OS X) |
|
refmap
via4
|
bid | 74225 | confirm | | debian | DSA-3238 | suse | openSUSE-SU-2015:0748 |
|
Last major update | 03-01-2017 - 14:38 |
Published | 19-04-2015 - 06:59 |
Last modified | 30-10-2018 - 12:27 |