UBUNTU-CVE-2015-1281

Details

core/loader/ImageLoader.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly determine the V8 context of a microtask, which allows remote attackers to bypass Content Security Policy (CSP) restrictions by providing an image from an unintended source.

Affected Packages

Ubuntu:14.04:LTSchromium-browser

Affected versions:

29.0.1547.65-0ubuntu231.0.1650.63-0ubuntu1~20131204.132.0.1700.107-0ubuntu1~20140204.977.133.0.1750.152-0ubuntu1~pkg995.134.0.1847.116-0ubuntu236.0.1985.125-0ubuntu1.14.04.0~pkg102937.0.2062.120-0ubuntu0.14.04.1~pkg104937.0.2062.94-0ubuntu0.14.04.1~pkg104238.0.2125.111-0ubuntu0.14.04.1.106139.0.2171.65-0ubuntu0.14.04.1.1064+5 more

Fixed in:

44.0.2403.89-0ubuntu0.14.04.1.1095

References

REPORThttp://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html REPORThttps://ubuntu.com/security/CVE-2015-1281 REPORThttps://ubuntu.com/security/notices/USN-2677-1 REPORThttps://www.cve.org/CVERecord?id=CVE-2015-1281

UBUNTU-CVE-2015-1281

Details

Affected Packages

References

Related

Ecosystems

Timeline