Описание
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-5811
- https://chromereleases.googleblog.com/2019/04/stable-channel-update-for-desktop_23.html
- https://crbug.com/771815
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CPM7VPE27DUNJLXM4F5PAAEFFWOEND6X
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FKN4GPMBQ3SDXWB4HL45II5CZ7P2E4AI
- https://seclists.org/bugtraq/2019/Aug/19
- https://security.gentoo.org/glsa/201908-18
- https://www.debian.org/security/2019/dsa-4500
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00085.html
Связанные уязвимости
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 74.0.3729.108 allowed a remote attacker to bypass same origin policy via a crafted HTML page.
Incorrect handling of CORS in ServiceWorker in Google Chrome prior to ...
Уязвимость скрипта ServiceWorker браузера Google Chrome, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании