VDB
CVE-2015-1241
CVE-2015-1241
PUBLISHED
Google Chrome before 42.0.2311.90 does not properly consider the interaction of page navigation with the handling of touch events and gesture events, which allows remote attackers to trigger unintended UI actions via a crafted web site that conducts a "tapjacking" attack.
EPSS 2.83% · 86.5th percentile
Risk Scores
EPSS Score
2.83%
86.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | oxide-qt | 0, 1.0.0~bzr437-0ubuntu1, 1.0.0~bzr452-0ubuntu1 |
| Ubuntu:14.04:LTS | chromium-browser | 29.0.1547.65-0ubuntu2, 0, 31.0.1650.63-0ubuntu1~20131204.1 |
Exploit Intelligence
- https://code.google.com/p/chromium/issues/detail?id=418402 (vulncheck-nvd)
Timeline
- Apr 19, 2015 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Sep 7, 2023 EPSS Score
- Oct 29, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2015-1241 third-party-advisory
- https://codereview.chromium.org/868123002 third-party-advisory
- https://codereview.chromium.org/717573004 third-party-advisory
- https://codereview.chromium.org/660663002 third-party-advisory
- https://codereview.chromium.org/628763003 third-party-advisory
- https://code.google.com/p/chromium/issues/detail?id=418402 third-party-advisory
- http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html third-party-advisory
- https://ubuntu.com/security/notices/USN-2570-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2015-1241 third-party-advisory