UBUNTU-CVE-2015-1285

Details

The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack.

Affected Packages

Ubuntu:14.04:LTSchromium-browser

Affected versions:

29.0.1547.65-0ubuntu231.0.1650.63-0ubuntu1~20131204.132.0.1700.107-0ubuntu1~20140204.977.133.0.1750.152-0ubuntu1~pkg995.134.0.1847.116-0ubuntu236.0.1985.125-0ubuntu1.14.04.0~pkg102937.0.2062.120-0ubuntu0.14.04.1~pkg104937.0.2062.94-0ubuntu0.14.04.1~pkg104238.0.2125.111-0ubuntu0.14.04.1.106139.0.2171.65-0ubuntu0.14.04.1.1064+5 more

Fixed in:

44.0.2403.89-0ubuntu0.14.04.1.1095

References

REPORThttp://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html REPORThttps://ubuntu.com/security/CVE-2015-1285 REPORThttps://ubuntu.com/security/notices/USN-2677-1 REPORThttps://www.cve.org/CVERecord?id=CVE-2015-1285

UBUNTU-CVE-2015-1285

Details

Affected Packages

References

Related

Ecosystems

Timeline