CVE-2015-1241

Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack.
Configurations

Configuration 1 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*

Configuration 5 (hide)

cpe:2.3:o:suse:linux_enterprise:12.0:*:*:*:*:*:*:*

Configuration 6 (hide)

OR cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:6.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:6.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:6.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-04-19 10:59

Updated : 2024-01-26 18:56


NVD link : CVE-2015-1241

Mitre link : CVE-2015-1241

CVE.ORG link : CVE-2015-1241


JSON object : View

Products Affected

suse

  • linux_enterprise

redhat

  • enterprise_linux_eus
  • enterprise_linux_server_aus
  • enterprise_linux_desktop
  • enterprise_linux_server_eus
  • enterprise_linux_server
  • enterprise_linux_workstation

opensuse

  • opensuse

canonical

  • ubuntu_linux

debian

  • debian_linux

google

  • chrome
CWE
CWE-1021

Improper Restriction of Rendered UI Layers or Frames