VYPR
← All advisories
Unrated severityNVD Advisory· Published May 20, 2015· Updated May 6, 2026

CVE-2015-1254

CVE-2015-1254

Description

core/dom/Document.cpp in Blink, as used in Google Chrome before 43.0.2357.65, enables the inheritance of the designMode attribute, which allows remote attackers to bypass the Same Origin Policy by leveraging the availability of editing.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Blink's designMode inheritance in Google Chrome before 43.0.2357.65 allows bypass of Same Origin Policy via editing availability.

Vulnerability

The vulnerability exists in core/dom/Document.cpp of Blink, as used in Google Chrome before version 43.0.2357.65. The designMode attribute is improperly inherited across documents, enabling a Same Origin Policy bypass.

Exploitation

A remote attacker can exploit this by leveraging the availability of editing on a page, triggering the inheritance of the designMode attribute across origins, thus bypassing the Same Origin Policy.

Impact

Successful exploitation allows an attacker to bypass the Same Origin Policy, potentially leading to unauthorized access to cross-origin resources and information disclosure.

Mitigation

The vulnerability is fixed in Google Chrome 43.0.2357.65 and later. Users should upgrade to this version or newer. The Gentoo security advisory [1] recommends upgrading www-client/chromium to at least 43.0.2357.65. No workaround is available [1].

References
  1. Multiple vulnerabilities (GLSA 201506-04) — Gentoo security

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

9

News mentions

0

No linked articles in our index yet.