Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Information Disclosure Vulnerability in Google Chrome

 

Systems Affected


Google Chrome version prior to 46.0.2490.86

Threat Level


High


Overview


Vulnerability has been reported in Google chrome which could allow remote attackers to obtain sensitive information from the affected systems.


Description


This vulnerability exists in the PDF viewer (pdf.js) function in Google Chrome, which is caused due to improper restriction of scripting messages and API exposure. A remote attacker could exploit this vulnerability by loading an embedded or plugin related to pdf.js and out_of_process_instance.cc resulting in bypass of the Same Origin Policy.

Successful exploitation of this vulnerability could allow remote attackers to obtain sensitive information from the affected systems.


Impact



Solution/ Workarounds


Upgrade to Google Chrome version 46.0.2490.86


References


http://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2015-0290 .


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.