VYPR
Unrated severityNVD Advisory· Published Apr 19, 2015· Updated Jun 17, 2026

CVE-2015-1235

CVE-2015-1235

Description

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in the HTML parser in Blink, as used in Google Chrome before 42.0.2311.90, allows remote attackers to bypass the Same Origin Policy via a crafted HTML document with an IFRAME element.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • Google/Chrome2 versions
    cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*range: <=42.0.2311.60
    • (no CPE)range: <42.0.2311.90
  • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*+ 2 more
    • cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.