Home

CVE-2015-6762

Description

The CSSFontFaceSrcValue::fetch function in core/css/CSSFontFaceSrcValue.cpp in the Cascading Style Sheets (CSS) implementation in Blink, as used in Google Chrome before 46.0.2490.71, does not use the CORS cross-origin request algorithm when a fonts URL appears to be a same-origin URL, which allows remote web servers to bypass the Same Origin Policy via a redirect.

Risk Information

Base Score
8.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
0.699

Associated Vulnerability

VulnerabilityOS Platform
Update for Google Chrome (46.0.2490.71)Windows
Update for Google Chrome x64 (46.0.2490.71)Windows
Update for Google Chrome (51.0.2704.63)Windows
Update for Google Chrome x64 (51.0.2704.63)Windows
Updates for Google Chrome (66.0.3359.170)Windows
Updates for Google Chrome (x64) (66.0.3359.170)Windows
Updates for Google Chrome (66.0.3359.181)Windows
Updates for Google Chrome (x64) (66.0.3359.181)Windows
Updates for Google Chrome (67.0.3396.62)Windows
Updates for Google Chrome (x64) (67.0.3396.62)Windows
Updates for Google Chrome (67.0.3396.79)Windows
Updates for Google Chrome (x64) (67.0.3396.79)Windows
Updates for Google Chrome (67.0.3396.87)Windows
Updates for Google Chrome (x64) (67.0.3396.87)Windows
Google Chrome (67.0.3396.99)Windows
Google Chrome (x64) (67.0.3396.99)Windows
Multiple vulnerabilities are fixed in Update for Google Chrome For Mac (46.0.2490.71)Mac
Web browser engine library for Qt (QML plugin) (USN-2770-1) liboxideqtcore0_1.11.3-0ubuntu0.15.04.1_i386.debLinux
Web browser engine library for Qt (QML plugin) (USN-2770-1) liboxideqtcore0_1.11.3-0ubuntu0.15.04.1_amd64.debLinux
Web browser engine library for Qt (QML plugin) (USN-2770-2) liboxideqtcore0_1.9.5-0ubuntu1_i386.debLinux
Web browser engine library for Qt (QML plugin) (USN-2770-2) liboxideqtcore0_1.9.5-0ubuntu1_amd64.debLinux
Web browser engine library for Qt (QML plugin) (USN-2860-1) liboxideqtcore0_1.9.5-0ubuntu1_i386.debLinux
Web browser engine library for Qt (QML plugin) (USN-2860-1) liboxideqtcore0_1.9.5-0ubuntu1_amd64.debLinux
Web browser engine library for Qt (QML plugin) (USN-2877-1) liboxideqtcore0_1.9.5-0ubuntu1_i386.debLinux
Web browser engine library for Qt (QML plugin) (USN-2877-1) liboxideqtcore0_1.9.5-0ubuntu1_amd64.debLinux
Web browser engine for Qt (QML plugin) (USN-2920-1) liboxideqtcore0_1.9.5-0ubuntu1_i386.debLinux
Web browser engine for Qt (QML plugin) (USN-2920-1) liboxideqtcore0_1.9.5-0ubuntu1_amd64.debLinux
Update for Google Chrome (46.0.2490.71) (For Ubuntu)Linux
Update for Google Chrome (51.0.2704.63) (For Ubuntu)Linux
Updates for Google Chrome (66.0.3359.170) (For Ubuntu)Linux
Update for Google Chrome (46.0.2490.71) (For Debian)Linux
Update for Google Chrome (51.0.2704.63) (For Debian)Linux
Updates for Google Chrome (66.0.3359.170) (For Debian)Linux
Updates for Google Chrome (66.0.3359.181) (For Debian)Linux
Updates for Google Chrome (67.0.3396.62) (For Debian)Linux
Updates for Google Chrome (67.0.3396.79) (For Debian)Linux
Updates for Google Chrome (67.0.3396.87) (For Debian)Linux
Google Chrome (67.0.3396.99) (For Debian)Linux
Update for Google Chrome (46.0.2490.71) (For Centos)Linux
Update for Google Chrome (51.0.2704.63) (For Centos)Linux
Updates for Google Chrome (66.0.3359.170) (For Centos)Linux
Updates for Google Chrome (66.0.3359.181) (For Centos)Linux
Updates for Google Chrome (67.0.3396.62) (For Centos)Linux
Updates for Google Chrome (67.0.3396.79) (For Centos)Linux
Updates for Google Chrome (67.0.3396.87) (For Centos)Linux
Google Chrome (67.0.3396.99) (For Centos)Linux
Update for Google Chrome (46.0.2490.71) (For RedHat)Linux
Update for Google Chrome (51.0.2704.63) (For RedHat)Linux
Updates for Google Chrome (66.0.3359.170) (For RedHat)Linux
Updates for Google Chrome (66.0.3359.181) (For RedHat)Linux
Updates for Google Chrome (67.0.3396.62) (For RedHat)Linux
Updates for Google Chrome (67.0.3396.79) (For RedHat)Linux
Updates for Google Chrome (67.0.3396.87) (For RedHat)Linux
Google Chrome (67.0.3396.99) (For RedHat)Linux
Update for Google Chrome (46.0.2490.71) (For Suse)Linux
Update for Google Chrome (51.0.2704.63) (For Suse)Linux
Updates for Google Chrome (66.0.3359.170) (For Suse)Linux
Updates for Google Chrome (66.0.3359.181) (For Suse)Linux
Updates for Google Chrome (67.0.3396.62) (For Suse)Linux
Updates for Google Chrome (67.0.3396.79) (For Suse)Linux
Updates for Google Chrome (67.0.3396.87) (For Suse)Linux
Google Chrome (67.0.3396.99) (For Suse)Linux
Updates for Google Chrome (66.0.3359.181) (For Ubuntu)Linux
Updates for Google Chrome (67.0.3396.62) (For Ubuntu)Linux
Updates for Google Chrome (67.0.3396.79) (For Ubuntu)Linux
Updates for Google Chrome (67.0.3396.87) (For Ubuntu)Linux
Google Chrome (67.0.3396.99) (For Ubuntu)Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-302924Update for Google Chrome (46.0.2490.71)
PATCH-302925Update for Google Chrome x64 (46.0.2490.71)
PATCH-303496Update for Google Chrome (51.0.2704.63)
PATCH-303497Update for Google Chrome x64 (51.0.2704.63)
PATCH-307513Updates for Google Chrome (66.0.3359.170)
PATCH-307515Updates for Google Chrome (x64) (66.0.3359.170)
PATCH-307534Updates for Google Chrome (66.0.3359.181)
PATCH-307535Updates for Google Chrome (x64) (66.0.3359.181)
PATCH-307607Updates for Google Chrome (67.0.3396.62)
PATCH-307608Updates for Google Chrome (x64) (67.0.3396.62)
PATCH-307641Updates for Google Chrome (67.0.3396.79)
PATCH-307644Updates for Google Chrome (x64) (67.0.3396.79)
PATCH-307660Updates for Google Chrome (67.0.3396.87)
PATCH-307662Updates for Google Chrome (x64) (67.0.3396.87)
PATCH-307715Google Chrome (67.0.3396.99)
PATCH-307716Google Chrome (x64) (67.0.3396.99)
PATCH-609673Google Chrome for Mac (132.0.6834.83, 132.0.6834.84)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234