| Max CVSS | 5.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2015-1268 | 5.0 |
bindings/scripts/v8_types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript
|
31-12-2016 - 02:59 | 26-06-2015 - 14:59 | |
| CVE-2015-1266 | 5.0 |
content/browser/webui/content_web_ui_controller_factory.cc in Google Chrome before 43.0.2357.130 does not properly consider the scheme in determining whether a URL is associated with a WebUI SiteInstance, which allows remote attackers to bypass inten
|
31-12-2016 - 02:59 | 26-06-2015 - 14:59 | |
| CVE-2015-1267 | 5.0 |
Blink, as used in Google Chrome before 43.0.2357.130, does not properly restrict the creation context during creation of a DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that uses a Blink publi
|
31-12-2016 - 02:59 | 26-06-2015 - 14:59 | |
| CVE-2015-1269 | 4.3 |
The DecodeHSTSPreloadRaw function in net/http/transport_security_state.cc in Google Chrome before 43.0.2357.130 does not properly canonicalize DNS hostnames before making comparisons to HSTS or HPKP preload entries, which allows remote attackers to b
|
31-12-2016 - 02:59 | 26-06-2015 - 14:59 |