cnvd - cnvd-2015-02253

cnvd-2015-02253

Vulnerability from cnvd

Title: Google Chrome IPC交互存在未明任意代码执行漏洞

Description:

Google Chrome是一个基于WEB的浏览器。

Google Chrome未能正确处理IPC，Gamepad API和Google V8交互漏洞，允许远程攻击者构建恶意WEB页，诱使用户解析，执行任意代码。

Severity: 高

Patch Name: Google Chrome IPC交互存在未明任意代码执行漏洞的补丁

Patch Description:

Google Chrome是一个基于WEB的浏览器。Google Chrome未能正确处理IPC，Gamepad API和Google V8交互漏洞，允许远程攻击者构建恶意WEB页，诱使用户解析，执行任意代码。目前，厂商已经发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

Google Chrome 41.0.2272.118已经修复该漏洞，建议用户下载更新： https://www.google.com/chrome

Reference: http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html

Impacted products

Name
Google Chrome 41.0.2272.118

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-1233"
    }
  },
  "description": "Google Chrome\u662f\u4e00\u4e2a\u57fa\u4e8eWEB\u7684\u6d4f\u89c8\u5668\u3002\r\n\r\nGoogle Chrome\u672a\u80fd\u6b63\u786e\u5904\u7406IPC\uff0cGamepad API\u548cGoogle V8\u4ea4\u4e92\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u6784\u5efa\u6076\u610fWEB\u9875\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "discovererName": "Google",
  "formalWay": "Google Chrome 41.0.2272.118\u5df2\u7ecf\u4fee\u590d\u8be5\u6f0f\u6d1e\uff0c\u5efa\u8bae\u7528\u6237\u4e0b\u8f7d\u66f4\u65b0\uff1a\r\nhttps://www.google.com/chrome",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02253",
  "openTime": "2015-04-09",
  "patchDescription": "Google Chrome\u662f\u4e00\u4e2a\u57fa\u4e8eWEB\u7684\u6d4f\u89c8\u5668\u3002Google Chrome\u672a\u80fd\u6b63\u786e\u5904\u7406IPC\uff0cGamepad API\u548cGoogle V8\u4ea4\u4e92\u6f0f\u6d1e\uff0c\u5141\u8bb8\u8fdc\u7a0b\u653b\u51fb\u8005\u6784\u5efa\u6076\u610fWEB\u9875\uff0c\u8bf1\u4f7f\u7528\u6237\u89e3\u6790\uff0c\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Chrome IPC\u4ea4\u4e92\u5b58\u5728\u672a\u660e\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Google Chrome 41.0.2272.118"
  },
  "referenceLink": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html",
  "serverity": "\u9ad8",
  "submitTime": "2015-04-02",
  "title": "Google Chrome IPC\u4ea4\u4e92\u5b58\u5728\u672a\u660e\u4efb\u610f\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2015-1233 (GCVE-0-2015-1233)

Vulnerability from cvelistv5

Published

2015-04-01 21:00

Modified

2024-08-06 04:33

Severity ?

CWE

Summary

Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors.

References

▼	URL	Tags
	https://code.google.com/p/chromium/issues/detail?id=469058	x_refsource_CONFIRM
	http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html	x_refsource_CONFIRM
	http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html	vendor-advisory, x_refsource_SUSE
	http://www.ubuntu.com/usn/USN-2556-1	vendor-advisory, x_refsource_UBUNTU
	https://security.gentoo.org/glsa/201506-04	vendor-advisory, x_refsource_GENTOO
	http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00004.html	vendor-advisory, x_refsource_SUSE
	http://www.securitytracker.com/id/1032012	vdb-entry, x_refsource_SECTRACK
	http://rhn.redhat.com/errata/RHSA-2015-0778.html	vendor-advisory, x_refsource_REDHAT
	http://www.securityfocus.com/bid/73484	vdb-entry, x_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:33:20.746Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://code.google.com/p/chromium/issues/detail?id=469058"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html"
          },
          {
            "name": "openSUSE-SU-2015:1887",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html"
          },
          {
            "name": "USN-2556-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2556-1"
          },
          {
            "name": "GLSA-201506-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201506-04"
          },
          {
            "name": "openSUSE-SU-2015:0682",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00004.html"
          },
          {
            "name": "1032012",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032012"
          },
          {
            "name": "RHSA-2015:0778",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-0778.html"
          },
          {
            "name": "73484",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73484"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-20T16:57:01",
        "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
        "shortName": "Chrome"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://code.google.com/p/chromium/issues/detail?id=469058"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html"
        },
        {
          "name": "openSUSE-SU-2015:1887",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html"
        },
        {
          "name": "USN-2556-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2556-1"
        },
        {
          "name": "GLSA-201506-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201506-04"
        },
        {
          "name": "openSUSE-SU-2015:0682",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00004.html"
        },
        {
          "name": "1032012",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032012"
        },
        {
          "name": "RHSA-2015:0778",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-0778.html"
        },
        {
          "name": "73484",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73484"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@google.com",
          "ID": "CVE-2015-1233",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Google Chrome before 41.0.2272.118 does not properly handle the interaction of IPC, the Gamepad API, and Google V8, which allows remote attackers to execute arbitrary code via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://code.google.com/p/chromium/issues/detail?id=469058",
              "refsource": "CONFIRM",
              "url": "https://code.google.com/p/chromium/issues/detail?id=469058"
            },
            {
              "name": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html",
              "refsource": "CONFIRM",
              "url": "http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html"
            },
            {
              "name": "openSUSE-SU-2015:1887",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html"
            },
            {
              "name": "USN-2556-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2556-1"
            },
            {
              "name": "GLSA-201506-04",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201506-04"
            },
            {
              "name": "openSUSE-SU-2015:0682",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2015-04/msg00004.html"
            },
            {
              "name": "1032012",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032012"
            },
            {
              "name": "RHSA-2015:0778",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2015-0778.html"
            },
            {
              "name": "73484",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73484"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28",
    "assignerShortName": "Chrome",
    "cveId": "CVE-2015-1233",
    "datePublished": "2015-04-01T21:00:00",
    "dateReserved": "2015-01-21T00:00:00",
    "dateUpdated": "2024-08-06T04:33:20.746Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted