Unrated severityNVD Advisory· Published Nov 11, 2015· Updated May 6, 2026

CVE-2015-1302

Description

The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and API exposure, which allows remote attackers to bypass the Same Origin Policy via an unintended embedder or unintended plugin loading, related to pdf.js and out_of_process_instance.cc.

Affected products

Google/Chrome
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Range: <=46.0.2490.80

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

googlechromereleases.blogspot.com/2015/11/stable-channel-update.htmlnvd
lists.opensuse.org/opensuse-updates/2015-11/msg00120.htmlnvd
lists.opensuse.org/opensuse-updates/2015-11/msg00121.htmlnvd
rhn.redhat.com/errata/RHSA-2015-1841.htmlnvd
www.debian.org/security/2015/dsa-3415nvd
www.securityfocus.com/bid/77537nvd
www.securitytracker.com/id/1034132nvd
code.google.com/p/chromium/issues/detailnvd
codereview.chromium.org/1316803003nvd
security.gentoo.org/glsa/201603-09nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000