CVE-2015-1300

Publication date 2 September 2015

Last updated 24 July 2024

Ubuntu priority

The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive information via crafted JavaScript code that leverages a history.back call.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
chromium-browser	15.10 wily	Fixed 45.0.2454.85-0ubuntu1.1198
	15.04 vivid	Fixed 45.0.2454.85-0ubuntu0.15.04.1.1181
	14.04 LTS trusty	Fixed 45.0.2454.85-0ubuntu0.14.04.1.1097
	12.04 LTS precise	Ignored
oxide-qt	15.10 wily	Fixed 1.9.1-0ubuntu1
	15.04 vivid	Fixed 1.9.1-0ubuntu0.15.04.1
	14.04 LTS trusty	Fixed 1.9.1-0ubuntu0.14.04.2
	12.04 LTS precise	Not in release

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2735-1
Oxide vulnerabilities
8 September 2015

Other references

http://googlechromereleases.blogspot.ca/2015/09/stable-channel-update.html
https://www.cve.org/CVERecord?id=CVE-2015-1300