Systems Affected
Google Chrome version prior to 46.0.2490.86
Threat Level
Overview
Vulnerability has been reported in Google chrome which could allow remote attackers to obtain sensitive information from the affected systems.
Description
This vulnerability exists in the PDF viewer (pdf.js) function in Google Chrome, which is caused due to improper restriction of scripting messages and API exposure. A remote attacker could exploit this vulnerability by loading an embedded or plugin related to pdf.js and out_of_process_instance.cc resulting in bypass of the Same Origin Policy.
Successful exploitation of this vulnerability could allow remote attackers to obtain sensitive information from the affected systems.
Impact
Solution/ Workarounds
✻ Update the latest version of the Mozilla's Firefox on Windows, Linux and Mac.
References
http://www.cert-in.org.in/s2cMainServlet?pageid=PUBVLNOTES01&VLCODE=CIVN-2015-0290 .
Disclaimer
The information provided herein is on "as is" basis, without warranty of any kind
|