| ID |
CVE-2015-3334
|
| Summary |
browser/ui/website_settings/website_settings.cc in Google Chrome before 42.0.2311.90 does not always display "Media: Allowed by you" in a Permissions table after the user has granted camera permission to a web site, which might make it easier for user-assisted remote attackers to obtain sensitive video data from a device's physical environment via a crafted web site that turns on the camera at a time when the user believes that camera access is prohibited. |
| References |
|
| Vulnerable Configurations |
-
Google Chrome 42.0.2311.60
cpe:2.3:a:google:chrome:42.0.2311.60
-
Debian Linux 7.0
cpe:2.3:o:debian:debian_linux:7.0
-
Debian Linux 8.0 (Jessie)
cpe:2.3:o:debian:debian_linux:8.0
-
OpenSUSE 13.1
cpe:2.3:o:opensuse:opensuse:13.1
-
OpenSUSE 13.2
cpe:2.3:o:opensuse:opensuse:13.2
|
| CVSS |
| Base: | 4.3 (as of 03-01-2017 - 13:33) |
| Impact: | |
| Exploitability: | |
|
| CWE |
CWE-17 |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
MEDIUM |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| PARTIAL |
NONE |
NONE |
|
| nessus
via4
|
| NASL family | Windows | | NASL id | GOOGLE_CHROME_42_0_2311_90.NASL | | description | The version of Google Chrome installed on the remote Windows host is prior to 42.0.2311.90. It is, therefore, affected by multiple vulnerabilities :
- A cross-origin bypass vulnerability exists due to an unspecified flaw in the HTML parser. (CVE-2015-1235)
- A cross-origin bypass vulnerability exists due to a flaw in MediaElementAudioSourceNode.cpp when handling audio content. (CVE-2015-1236)
- A use-after-free error exists in render_frame_impl.cc due to improper handling of a frame when it receives messages while detaching. An attacker can exploit this flaw to dereference already freed memory and execute arbitrary code. (CVE-2015-1237)
- An unspecified out-of-bounds write flaw exists in the Skia filters. (CVE-2015-1238)
- An out-of-bounds read flaw exists in WebGL due to improper handling of ES3 commands. An attacker can exploit this flaw to disclose memory contents.
(CVE-2015-1240)
- An unspecified tap-jacking flaw exists when certain tap events aren't preceded by TapDown events. An attacker can exploit this to direct taps to cross-pages and cross-domains. (CVE-2015-1241)
- A type confusion error exists in the ReduceTransitionElementsKind() function in hydrogen-check-elimination.cc. An attacker can exploit this error to execute arbitrary code. (CVE-2015-1242)
- A flaw exists related to WebSocket connections due to HTTP Strict Transport Security (HSTS) not being strictly enforced. A man-in-the-middle attacker can exploit this flaw to view and manipulate protected communication.
(CVE-2015-1244)
- A use-after-free error exists in open_pdf_in_reader_view.cc due to improper handling handling the 'Open PDF in Reader' bubble on navigations.
An attacker can exploit this flaw to dereference already freed memory and execute arbitrary code. (CVE-2015-1245)
- An unspecified out-of-bounds read flaw exists in Blink.
An attacker can exploit this to disclose memory contents. (CVE-2015-1246)
- A flaw exists in the OnPageHasOSDD() function in search_engine_tab_helper.cc due to improper handling of URLs for the OpenSearch descriptor. An attacker can exploit this flaw to disclose sensitive information.
(CVE-2015-1247)
- An unspecified flaw exists that allows an attacker to bypass SafeBrowsing. (CVE-2015-1248)
- Multiple unspecified vulnerabilities exist that allow an attacker to have an unspecified impact. (CVE-2015-1249)
- Multiple unspecified vulnerabilities exist in V8 that allow an attacker to cause a denial of service and other unspecified impacts.
(CVE-2015-3333)
- A media permission handling weakness exists due to camera and microphone permissions being merged into a single 'Media' permission. An attacker can exploit this, via a specially crafted website, to turn on a victim's camera while the victim believes camera access is prohibited. (CVE-2015-3334)
- A flaw exists due to missing address space usage limitation (RLIMIT_AS and RLIMIT_DATA) in the Native Client (NaCl) process. This allows a remote attacker to run a crafted program in the NaCl sandbox and to conduct row-hammer attacks. (CVE-2015-3335)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. | | last seen | 2018-09-01 | | modified | 2018-07-12 | | plugin id | 82825 | | published | 2015-04-16 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=82825 | | title | Google Chrome < 42.0.2311.90 Multiple Vulnerabilities |
| NASL family | MacOS X Local Security Checks | | NASL id | MACOSX_GOOGLE_CHROME_42_0_2311_90.NASL | | description | The version of Google Chrome installed on the remote Mac OS X host is prior to 42.0.2311.90. It is, therefore, affected by multiple vulnerabilities :
- A cross-origin bypass vulnerability exists due to an unspecified flaw in the HTML parser. (CVE-2015-1235)
- A cross-origin bypass vulnerability exists due to a flaw in MediaElementAudioSourceNode.cpp when handling audio content. (CVE-2015-1236)
- A use-after-free error exists in render_frame_impl.cc due to improper handling of a frame when it receives messages while detaching. An attacker can exploit this flaw to dereference already freed memory and execute arbitrary code. (CVE-2015-1237)
- An unspecified out-of-bounds write flaw exists in the Skia filters. (CVE-2015-1238)
- An out-of-bounds read flaw exists in WebGL due to improper handling of ES3 commands. An attacker can exploit this flaw to disclose memory contents.
(CVE-2015-1240)
- An unspecified tap-jacking flaw exists when certain tap events aren't preceded by TapDown events. An attacker can exploit this to direct taps to cross-pages and cross-domains. (CVE-2015-1241)
- A type confusion error exists in the ReduceTransitionElementsKind() function in hydrogen-check-elimination.cc. An attacker can exploit this error to execute arbitrary code. (CVE-2015-1242)
- A flaw exists related to WebSocket connections due to HTTP Strict Transport Security (HSTS) not being strictly enforced. A man-in-the-middle attacker can exploit this flaw to view and manipulate protected communication.
(CVE-2015-1244)
- A use-after-free error exists in open_pdf_in_reader_view.cc due to improper handling handling the 'Open PDF in Reader' bubble on navigations.
An attacker can exploit this flaw to dereference already freed memory and execute arbitrary code. (CVE-2015-1245)
- An unspecified out-of-bounds read flaw exists in Blink.
An attacker can exploit this to disclose memory contents. (CVE-2015-1246)
- A flaw exists in the OnPageHasOSDD() function in search_engine_tab_helper.cc due to improper handling of URLs for the OpenSearch descriptor. An attacker can exploit this flaw to disclose sensitive information.
(CVE-2015-1247)
- An unspecified flaw exists that allows an attacker to bypass SafeBrowsing. (CVE-2015-1248)
- Multiple unspecified vulnerabilities exist that allow an attacker to have an unspecified impact. (CVE-2015-1249)
- Multiple unspecified vulnerabilities exist in V8 that allow an attacker to cause a denial of service and other unspecified impacts.
(CVE-2015-3333)
- A media permission handling weakness exists due to camera and microphone permissions being merged into a single 'Media' permission. An attacker can exploit this, via a specially crafted website, to turn on a victim's camera while the victim believes camera access is prohibited. (CVE-2015-3334)
- A flaw exists due to missing address space usage limitation (RLIMIT_AS and RLIMIT_DATA) in the Native Client (NaCl) process. This allows a remote attacker to run a crafted program in the NaCl sandbox and to conduct row-hammer attacks. (CVE-2015-3335) Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number. | | last seen | 2018-09-01 | | modified | 2018-07-14 | | plugin id | 82826 | | published | 2015-04-16 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=82826 | | title | Google Chrome < 42.0.2311.90 Multiple Vulnerabilities (Mac OS X) |
| NASL family | SuSE Local Security Checks | | NASL id | OPENSUSE-2015-320.NASL | | description | Chromium was updated to latest stable release 42.0.2311.90 to fix security issues and bugs. The following vulnerabilities were fixed :
- CVE-2015-1235: Cross-origin-bypass in HTML parser.
- CVE-2015-1236: Cross-origin-bypass in Blink.
- CVE-2015-1237: Use-after-free in IPC.
- CVE-2015-1238: Out-of-bounds write in Skia.
- CVE-2015-1240: Out-of-bounds read in WebGL.
- CVE-2015-1241: Tap-Jacking.
- CVE-2015-1242: Type confusion in V8.
- CVE-2015-1244: HSTS bypass in WebSockets.
- CVE-2015-1245: Use-after-free in PDFium.
- CVE-2015-1246: Out-of-bounds read in Blink.
- CVE-2015-1247: Scheme issues in OpenSearch.
- CVE-2015-1248: SafeBrowsing bypass.
- CVE-2015-1249: Various fixes from internal audits, fuzzing and other initiatives.
- CVE-2015-3333: Multiple vulnerabilities in V8 fixed at the tip of the 4.2 branch (currently 4.2.77.14).
- CVE-2015-3336: fullscreen and UI locking without user confirmeation
- CVE-2015-3335: unspecified impact of crafed programs running in NaCl sandbox
- CVE-2015-3334: 'Media: Allowed by you' sometimes not shown in a permissions table
New functionality added :
- A number of new apps, extension and Web Platform APIs (including the Push API!)
- Lots of under the hood changes for stability and performance | | last seen | 2018-09-01 | | modified | 2015-05-24 | | plugin id | 83025 | | published | 2015-04-23 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=83025 | | title | openSUSE Security Update : Chromium (openSUSE-2015-320) |
| NASL family | Debian Local Security Checks | | NASL id | DEBIAN_DSA-3238.NASL | | description | Several vulnerabilities were discovered in the chromium web browser.
- CVE-2015-1235 A Same Origin Policy bypass issue was discovered in the HTML parser.
- CVE-2015-1236 Amitay Dobo discovered a Same Origin Policy bypass in the Web Audio API.
- CVE-2015-1237 Khalil Zhani discovered a use-after-free issue in IPC.
- CVE-2015-1238 'cloudfuzzer' discovered an out-of-bounds write in the skia library.
- CVE-2015-1240 'w3bd3vil' discovered an out-of-bounds read in the WebGL implementation.
- CVE-2015-1241 Phillip Moon and Matt Weston discovered a way to trigger local user interface actions remotely via a crafted website.
- CVE-2015-1242 A type confusion issue was discovered in the v8 JavaScript library.
- CVE-2015-1244 Mike Ruddy discovered a way to bypass the HTTP Strict Transport Security policy.
- CVE-2015-1245 Khalil Zhani discovered a use-after-free issue in the pdfium library.
- CVE-2015-1246 Atte Kettunen discovered an out-of-bounds read issue in webkit/blink.
- CVE-2015-1247 Jann Horn discovered that 'file:' URLs in OpenSearch documents were not sanitized, which could allow local files to be read remotely when using the OpenSearch feature from a crafted website.
- CVE-2015-1248 Vittorio Gambaletta discovered a way to bypass the SafeBrowsing feature, which could allow the remote execution of a downloaded executable file.
- CVE-2015-1249 The chrome 41 development team found various issues from internal fuzzing, audits, and other studies.
- CVE-2015-3333 Multiple issues were discovered and fixed in v8 4.2.7.14.
- CVE-2015-3334 It was discovered that remote websites could capture video data from attached web cameras without permission.
- CVE-2015-3336 It was discovered that remote websites could cause user interface disruptions like window fullscreening and mouse pointer locking. | | last seen | 2018-11-13 | | modified | 2018-11-10 | | plugin id | 83120 | | published | 2015-04-29 | | reporter | Tenable | | source | https://www.tenable.com/plugins/index.php?view=single&id=83120 | | title | Debian DSA-3238-1 : chromium-browser - security update |
|
| refmap
via4
|
| bid | 74225 | | confirm | | | debian | DSA-3238 | | suse | openSUSE-SU-2015:0748 |
|
| Last major update |
03-01-2017 - 14:38 |
| Published |
19-04-2015 - 06:59 |
| Last modified |
30-10-2018 - 12:27 |
