Vulnerability · NVD

CVE-2015-1211

N/A Published on 2015-02-06

The OriginCanAccessServiceWorkers function in content/browser/service_worker/service_worker_dispatcher_host.cc in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android does not properly restrict the URI scheme during a ServiceWorker registration, which allows remote attackers to gain privileges via a filesystem: URI.

EPSS 0.75% above median percentile 73.5%

Tracked apps referencing this CVE

For each app: the affected range, the fixing version, and where the tracked app stands today.

Google Chrome Android com.android.chrome

Affected <40.0.2214.109 Fixed in 40.0.2214.109 Latest tracked 147.0.7727.137 patched

Vulnerable CPE configurations (1)

Vendor	Product	Platform	Versions	CPE 2.3 URI
google	chrome Android	Android	<40.0.2214.109	cpe:2.3:a:google:chrome::::::android::*

View on NVD ↗