Описание
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-1236
- https://code.google.com/p/chromium/issues/detail?id=313939
- https://security.gentoo.org/glsa/201506-04
- https://src.chromium.org/viewvc/blink?revision=189527&view=revision
- http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html
- http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html
- http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html
- http://rhn.redhat.com/errata/RHSA-2015-0816.html
- http://ubuntu.com/usn/usn-2570-1
- http://www.debian.org/security/2015/dsa-3238
- http://www.securitytracker.com/id/1032209
EPSS
CVE ID
Связанные уязвимости
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.
The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.
The MediaElementAudioSourceNode::process function in modules/webaudio/ ...
Уязвимость браузера Google Chrome, позволяющая удаленному нарушителю получить доступ к значениям образцов аудио
EPSS