Cross-Context Exception Bypass in Blink

Cross-Context Exception Bypass in Blink

CVE-2015-1303 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

bindings/core/v8/V8DOMWrapper.h in Blink, as used in Google Chrome before 45.0.2454.101, does not perform a rethrow action to propagate information about a cross-context exception, which allows remote attackers to bypass the Same Origin Policy via a crafted HTML document containing an IFRAME element.

Learn more about our Cis Benchmark Audit For Google Chrome.