ID CVE-2015-3334
Summary browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive video data from a device's physical environment via a crafted web site that turns on the camera at a time when the user believes that camera access is prohibited.
References
Vulnerable Configurations
  • Google Chrome 42.0.2311.60
    cpe:2.3:a:google:chrome:42.0.2311.60
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
  • Debian Linux 8.0 (Jessie)
    cpe:2.3:o:debian:debian_linux:8.0
  • OpenSUSE 13.1
    cpe:2.3:o:opensuse:opensuse:13.1
  • OpenSUSE 13.2
    cpe:2.3:o:opensuse:opensuse:13.2
CVSS
Base: 4.3 (as of 03-01-2017 - 13:33)
Impact:
Exploitability:
CWE CWE-17
CAPEC
Access
  Vector: NETWORK
  Complexity: MEDIUM
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: NONE
  Availability: NONE
nessus via4
  • NASL family Windows
    NASL id GOOGLE_CHROME_42_0_2311_90.NASL
    description The version of Google Chrome installed on the remote Windows host is prior to 42.0.2311.90. It is, therefore, affected by multiple vulnerabilities:
      - A cross-origin bypass vulnerability exists due to an unspecified flaw in the HTML parser. (CVE-2015-1235)
      - A cross-origin bypass vulnerability exists due to a flaw in MediaElementAudioSourceNode.cpp when handling audio content. (CVE-2015-1236)
      - A use-after-free error exists in render_frame_impl.cc due to improper handling of a frame when it receives messages while detaching. An attacker can exploit this flaw to dereference already freed memory and execute arbitrary code. (CVE-2015-1237)
      - An unspecified out-of-bounds write flaw exists in the Skia filters. (CVE-2015-1238)
      - An out-of-bounds read flaw exists in WebGL due to improper handling of ES3 commands. An attacker can exploit this flaw to disclose memory contents. (CVE-2015-1240)
      - An unspecified tap-jacking flaw exists when certain tap events aren't preceded by TapDown events. An attacker can exploit this to direct taps to cross-pages and cross-domains. (CVE-2015-1241)
      - A type confusion error exists in the ReduceTransitionElementsKind() function in hydrogen-check-elimination.cc. An attacker can exploit this error to execute arbitrary code. (CVE-2015-1242)
      - A flaw exists related to WebSocket connections due to HTTP Strict Transport Security (HSTS) not being strictly enforced. A man-in-the-middle attacker can exploit this flaw to view and manipulate protected communication. (CVE-2015-1244)
      - A use-after-free error exists in open_pdf_in_reader_view.cc due to improper handling of the 'Open PDF in Reader' bubble on navigations. An attacker can exploit this flaw to dereference already freed memory and execute arbitrary code. (CVE-2015-1245)
      - An unspecified out-of-bounds read flaw exists in Blink. An attacker can exploit this to disclose memory contents. (CVE-2015-1246)
      - A flaw exists in the OnPageHasOSDD() function in search_engine_tab_helper.cc due to improper handling of URLs for the OpenSearch descriptor. An attacker can exploit this flaw to disclose sensitive information. (CVE-2015-1247)
      - An unspecified flaw exists that allows an attacker to bypass SafeBrowsing. (CVE-2015-1248)
      - Multiple unspecified vulnerabilities exist that allow an attacker to have an unspecified impact. (CVE-2015-1249)
      - Multiple unspecified vulnerabilities exist in V8 that allow an attacker to cause a denial of service and other unspecified impacts. (CVE-2015-3333)
      - A media permission handling weakness exists due to camera and microphone permissions being merged into a single 'Media' permission. An attacker can exploit this, via a specially crafted website, to turn on a victim's camera while the victim believes camera access is prohibited. (CVE-2015-3334)
      - A flaw exists due to missing address space usage limitation (RLIMIT_AS and RLIMIT_DATA) in the Native Client (NaCl) process. This allows a remote attacker to run a crafted program in the NaCl sandbox and to conduct row-hammer attacks. (CVE-2015-3335)
      Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2018-09-01
    modified 2018-07-12
    plugin id 82825
    published 2015-04-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82825
    title Google Chrome < 42.0.2311.90 Multiple Vulnerabilities
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_GOOGLE_CHROME_42_0_2311_90.NASL
    description The version of Google Chrome installed on the remote Mac OS X host is prior to 42.0.2311.90. It is, therefore, affected by multiple vulnerabilities:
      - A cross-origin bypass vulnerability exists due to an unspecified flaw in the HTML parser. (CVE-2015-1235)
      - A cross-origin bypass vulnerability exists due to a flaw in MediaElementAudioSourceNode.cpp when handling audio content. (CVE-2015-1236)
      - A use-after-free error exists in render_frame_impl.cc due to improper handling of a frame when it receives messages while detaching. An attacker can exploit this flaw to dereference already freed memory and execute arbitrary code. (CVE-2015-1237)
      - An unspecified out-of-bounds write flaw exists in the Skia filters. (CVE-2015-1238)
      - An out-of-bounds read flaw exists in WebGL due to improper handling of ES3 commands. An attacker can exploit this flaw to disclose memory contents. (CVE-2015-1240)
      - An unspecified tap-jacking flaw exists when certain tap events aren't preceded by TapDown events. An attacker can exploit this to direct taps to cross-pages and cross-domains. (CVE-2015-1241)
      - A type confusion error exists in the ReduceTransitionElementsKind() function in hydrogen-check-elimination.cc. An attacker can exploit this error to execute arbitrary code. (CVE-2015-1242)
      - A flaw exists related to WebSocket connections due to HTTP Strict Transport Security (HSTS) not being strictly enforced. A man-in-the-middle attacker can exploit this flaw to view and manipulate protected communication. (CVE-2015-1244)
      - A use-after-free error exists in open_pdf_in_reader_view.cc due to improper handling of the 'Open PDF in Reader' bubble on navigations. An attacker can exploit this flaw to dereference already freed memory and execute arbitrary code. (CVE-2015-1245)
      - An unspecified out-of-bounds read flaw exists in Blink. An attacker can exploit this to disclose memory contents. (CVE-2015-1246)
      - A flaw exists in the OnPageHasOSDD() function in search_engine_tab_helper.cc due to improper handling of URLs for the OpenSearch descriptor. An attacker can exploit this flaw to disclose sensitive information. (CVE-2015-1247)
      - An unspecified flaw exists that allows an attacker to bypass SafeBrowsing. (CVE-2015-1248)
      - Multiple unspecified vulnerabilities exist that allow an attacker to have an unspecified impact. (CVE-2015-1249)
      - Multiple unspecified vulnerabilities exist in V8 that allow an attacker to cause a denial of service and other unspecified impacts. (CVE-2015-3333)
      - A media permission handling weakness exists due to camera and microphone permissions being merged into a single 'Media' permission. An attacker can exploit this, via a specially crafted website, to turn on a victim's camera while the victim believes camera access is prohibited. (CVE-2015-3334)
      - A flaw exists due to missing address space usage limitation (RLIMIT_AS and RLIMIT_DATA) in the Native Client (NaCl) process. This allows a remote attacker to run a crafted program in the NaCl sandbox and to conduct row-hammer attacks. (CVE-2015-3335)
      Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
    last seen 2018-09-01
    modified 2018-07-14
    plugin id 82826
    published 2015-04-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=82826
    title Google Chrome < 42.0.2311.90 Multiple Vulnerabilities (Mac OS X)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2015-320.NASL
    description Chromium was updated to latest stable release 42.0.2311.90 to fix security issues and bugs. The following vulnerabilities were fixed:
      - CVE-2015-1235: Cross-origin-bypass in HTML parser.
      - CVE-2015-1236: Cross-origin-bypass in Blink.
      - CVE-2015-1237: Use-after-free in IPC.
      - CVE-2015-1238: Out-of-bounds write in Skia.
      - CVE-2015-1240: Out-of-bounds read in WebGL.
      - CVE-2015-1241: Tap-Jacking.
      - CVE-2015-1242: Type confusion in V8.
      - CVE-2015-1244: HSTS bypass in WebSockets.
      - CVE-2015-1245: Use-after-free in PDFium.
      - CVE-2015-1246: Out-of-bounds read in Blink.
      - CVE-2015-1247: Scheme issues in OpenSearch.
      - CVE-2015-1248: SafeBrowsing bypass.
      - CVE-2015-1249: Various fixes from internal audits, fuzzing and other initiatives.
      - CVE-2015-3333: Multiple vulnerabilities in V8 fixed at the tip of the 4.2 branch (currently 4.2.77.14).
      - CVE-2015-3336: Fullscreen and UI locking without user confirmation.
      - CVE-2015-3335: Unspecified impact of crafted programs running in the NaCl sandbox.
      - CVE-2015-3334: 'Media: Allowed by you' sometimes not shown in a permissions table.
      New functionality added:
      - A number of new apps, extensions and Web Platform APIs (including the Push API!)
      - Lots of under the hood changes for stability and performance
    last seen 2018-09-01
    modified 2015-05-24
    plugin id 83025
    published 2015-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83025
    title openSUSE Security Update : Chromium (openSUSE-2015-320)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-3238.NASL
    description Several vulnerabilities were discovered in the chromium web browser.
      - CVE-2015-1235: A Same Origin Policy bypass issue was discovered in the HTML parser.
      - CVE-2015-1236: Amitay Dobo discovered a Same Origin Policy bypass in the Web Audio API.
      - CVE-2015-1237: Khalil Zhani discovered a use-after-free issue in IPC.
      - CVE-2015-1238: 'cloudfuzzer' discovered an out-of-bounds write in the skia library.
      - CVE-2015-1240: 'w3bd3vil' discovered an out-of-bounds read in the WebGL implementation.
      - CVE-2015-1241: Phillip Moon and Matt Weston discovered a way to trigger local user interface actions remotely via a crafted website.
      - CVE-2015-1242: A type confusion issue was discovered in the v8 JavaScript library.
      - CVE-2015-1244: Mike Ruddy discovered a way to bypass the HTTP Strict Transport Security policy.
      - CVE-2015-1245: Khalil Zhani discovered a use-after-free issue in the pdfium library.
      - CVE-2015-1246: Atte Kettunen discovered an out-of-bounds read issue in webkit/blink.
      - CVE-2015-1247: Jann Horn discovered that 'file:' URLs in OpenSearch documents were not sanitized, which could allow local files to be read remotely when using the OpenSearch feature from a crafted website.
      - CVE-2015-1248: Vittorio Gambaletta discovered a way to bypass the SafeBrowsing feature, which could allow the remote execution of a downloaded executable file.
      - CVE-2015-1249: The chrome 41 development team found various issues from internal fuzzing, audits, and other studies.
      - CVE-2015-3333: Multiple issues were discovered and fixed in v8 4.2.7.14.
      - CVE-2015-3334: It was discovered that remote websites could capture video data from attached web cameras without permission.
      - CVE-2015-3336: It was discovered that remote websites could cause user interface disruptions like window fullscreening and mouse pointer locking.
    last seen 2018-11-13
    modified 2018-11-10
    plugin id 83120
    published 2015-04-29
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=83120
    title Debian DSA-3238-1 : chromium-browser - security update
refmap via4
bid 74225
confirm
debian DSA-3238
suse openSUSE-SU-2015:0748
Last major update 03-01-2017 - 14:38
Published 19-04-2015 - 06:59
Last modified 30-10-2018 - 12:27