CVE-2018-17472

Опубликовано: 14 нояб. 2018

Источник: debian

Описание

Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
chromium-browser	fixed	70.0.3538.67-1		package
chromium-browser	end-of-life		jessie	package

Связанные уязвимости

CVE-2018-17472

CVSS3: 9.6

ubuntu

около 7 лет назад

Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page.

CVE-2018-17472

CVSS3: 6.5

redhat

больше 7 лет назад

Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page.

CVE-2018-17472

CVSS3: 9.6

nvd

около 7 лет назад

Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page.

GHSA-xr8x-2h22-4fr9

CVSS3: 9.6

github

больше 3 лет назад

Incorrect handling of googlechrome:// URL scheme on iOS in Intents in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to escape the <iframe> sandbox via a crafted HTML page.

openSUSE-SU-2018:3396-1

suse-cvrf

больше 7 лет назад

Security update for Chromium