CVE-2015-1254

Publication date 20 May 2015

Last updated 24 July 2024

Ubuntu priority

core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
chromium-browser	15.10 wily	Fixed 43.0.2357.81-0ubuntu1.1179
	15.04 vivid	Fixed 43.0.2357.81-0ubuntu0.15.04.1.1170
	14.10 utopic	Fixed 43.0.2357.81-0ubuntu0.14.10.1.1131
	14.04 LTS trusty	Fixed 43.0.2357.81-0ubuntu0.14.04.1.1089
	12.04 LTS precise	Ignored
oxide-qt	15.10 wily	Fixed 1.7.8-0ubuntu1
	15.04 vivid	Fixed 1.7.8-0ubuntu0.15.04.1
	14.10 utopic	Fixed 1.7.8-0ubuntu0.14.10.1
	14.04 LTS trusty	Fixed 1.7.8-0ubuntu0.14.04.1
	12.04 LTS precise	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2610-1
Oxide vulnerabilities
21 May 2015

Other references

https://src.chromium.org/viewvc/blink?revision=192658&view=revision
https://code.google.com/p/chromium/issues/detail?id=444927
http://googlechromereleases.blogspot.com/2015/05/stable-channel-update_19.html
https://www.cve.org/CVERecord?id=CVE-2015-1254