Bug 925713 (CVE-2015-1233) - VUL-0: CVE-2015-1233: chromium: combination of V8, Gamepad and IPC bugs that can lead to remote code execution
Summary: VUL-0: CVE-2015-1233: chromium: combination of V8, Gamepad and IPC bugs that ...
Status: RESOLVED FIXED
Alias: CVE-2015-1233
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other openSUSE 13.2
: P3 - Medium : Major
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/115474/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-04-02 13:41 UTC by Andreas Stieger
Modified: 2015-04-29 11:24 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Andreas Stieger 2015-04-02 13:41:42 UTC 
Google Chrome before 41.0.2272.118 does not properly handle the interaction of
IPC, the Gamepad API, and Google V8, which allows remote attackers to execute
arbitrary code via unspecified vectors.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1208422
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1233
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1233
http://googlechromereleases.blogspot.com/2015/04/stable-channel-update.html
https://code.google.com/p/chromium/issues/detail?id=469058
Comment 1 Swamp Workflow Management 2015-04-02 22:00:14 UTC 
bugbot adjusting priority
Comment 2 Bernhard Wiedemann 2015-04-02 23:00:08 UTC 
This is an autogenerated message for OBS integration:
This bug (925713) was mentioned in
https://build.opensuse.org/request/show/294257 Factory / chromium
https://build.opensuse.org/request/show/294258 13.2 / chromium
https://build.opensuse.org/request/show/294259 13.1 / chromium
Comment 3 Andreas Stieger 2015-04-03 14:47:33 UTC 
Thank you for the submits. Starting security update process and assigning back to the security team.
Comment 4 Swamp Workflow Management 2015-04-08 14:06:21 UTC 
openSUSE-SU-2015:0682-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 925713,925714
CVE References: CVE-2015-1233,CVE-2015-1234
Sources used:
openSUSE 13.2 (src):    chromium-41.0.2272.118-20.1
openSUSE 13.1 (src):    chromium-41.0.2272.118-75.1
Comment 5 Andreas Stieger 2015-04-29 11:24:18 UTC 
was released