CVE-2015-1303

Severity CVSS v4.0:
Pending analysis
Type:
CWE-20 Input Validation
Publication date:
12/10/2015
Last modified:
12/04/2025

Description

bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* 45.0.2454.93 (including)