CVE-2015-1290
Publication date 9 January 2018
Last updated 25 August 2025
Ubuntu priority
Description
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| chromium-browser | ||
| 18.04 LTS bionic |
Not affected
|
|
| 16.04 LTS xenial |
Not affected
|
|
| 14.04 LTS trusty | Not in release | |
| oxide-qt | ||
| 18.04 LTS bionic | Not in release | |
| 16.04 LTS xenial | Ignored Ubuntu touch end-of-life | |
| 14.04 LTS trusty | Not in release |
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
8.8 · High
|
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | Required |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
References
Other references
- http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1
- http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html
- http://lists.opensuse.org/opensuse-updates/2015-12/msg00116.html
- http://www.nsfocus.net/index.php?act=advisory&do=view&adv_id=80
- https://bugs.chromium.org/p/chromium/issues/detail?id=505374
- https://codereview.chromium.org/1233453004
- https://www.cve.org/CVERecord?id=CVE-2015-1290