CVE-2015-1236

Publication date 19 April 2015

Last updated 24 July 2024

Ubuntu priority

The MediaElementAudioSourceNode::process function in modules/webaudio/MediaElementAudioSourceNode.cpp in the Web Audio API implementation in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy and obtain sensitive audio sample values via a crafted web site containing a media element.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
chromium-browser	15.10 wily	Fixed 43.0.2357.81-0ubuntu1.1179
	15.04 vivid	Fixed 43.0.2357.81-0ubuntu0.15.04.1.1170
	14.10 utopic	Fixed 43.0.2357.81-0ubuntu0.14.10.1.1131
	14.04 LTS trusty	Fixed 43.0.2357.81-0ubuntu0.14.04.1.1089
	12.04 LTS precise	Ignored
	10.04 LTS lucid	Ignored
oxide-qt	15.10 wily	Fixed 1.7.7-0ubuntu0.15.04.1~ppa1
	15.04 vivid	Fixed 1.6.5-0ubuntu0.15.04.1
	14.10 utopic	Fixed 1.6.5-0ubuntu0.14.10.1
	14.04 LTS trusty	Fixed 1.6.5-0ubuntu0.14.04.1
	12.04 LTS precise	Not in release
	10.04 LTS lucid	Not in release

References

Related Ubuntu Security Notices (USN)

USN-2570-1
Oxide vulnerabilities
27 April 2015

CVE-2015-1236

Status

References

Related Ubuntu Security Notices (USN)

Other references