CVE-2015-1304

Publication date 29 September 2015

Last updated 24 July 2024

Ubuntu priority

object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
chromium-browser	18.10 cosmic	Fixed 45.0.2454.101-0ubuntu1.1201
	18.04 LTS bionic	Fixed 45.0.2454.101-0ubuntu1.1201
	17.10 artful	Fixed 45.0.2454.101-0ubuntu1.1201
	17.04 zesty	Fixed 45.0.2454.101-0ubuntu1.1201
	16.10 yakkety	Fixed 45.0.2454.101-0ubuntu1.1201
	16.04 LTS xenial	Fixed 45.0.2454.101-0ubuntu1.1201
	15.10 wily	Fixed 45.0.2454.101-0ubuntu1.1201
	15.04 vivid	Fixed 45.0.2454.101-0ubuntu0.15.04.1.1183
	14.04 LTS trusty	Fixed 45.0.2454.101-0ubuntu0.14.04.1.1099
	12.04 LTS precise	Ignored
libv8	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	17.10 artful	Not in release
	17.04 zesty	Not in release
	16.10 yakkety	Not in release
	16.04 LTS xenial	Not in release
	15.10 wily	Not in release
	15.04 vivid	Not in release
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Ignored
libv8-3.14	18.10 cosmic	Ignored
	18.04 LTS bionic	Ignored
	17.10 artful	Ignored
	17.04 zesty	Ignored
	16.10 yakkety	Ignored
	16.04 LTS xenial	Ignored
	15.10 wily	Ignored
	15.04 vivid	Ignored
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not in release
oxide-qt	18.10 cosmic	Not in release
	18.04 LTS bionic	Not in release
	17.10 artful	Fixed 1.9.5-0ubuntu1
	17.04 zesty	Fixed 1.9.5-0ubuntu1
	16.10 yakkety	Fixed 1.9.5-0ubuntu1
	16.04 LTS xenial	Fixed 1.9.5-0ubuntu1
	15.10 wily	Fixed 1.9.5-0ubuntu1
	15.04 vivid	Fixed 1.9.5-0ubuntu0.15.04.1
	14.04 LTS trusty	Fixed 1.9.5-0ubuntu0.14.04.1
	12.04 LTS precise	Not in release

CVE-2015-1304

Status

Notes

mikesalvatore

References

Related Ubuntu Security Notices (USN)

Other references