Описание
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-37965
- https://chromereleases.googleblog.com/2021/09/stable-channel-update-for-desktop_21.html
- https://crbug.com/1239709
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4DDW7HAHTS3SDVXBQUY4SURELO5D4X7R
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PM7MOYYHJSWLIFZ4TPJTD7MSA3HSSLV2
- https://www.debian.org/security/2022/dsa-5046
Связанные уязвимости
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Inappropriate implementation in Background Fetch API in Google Chrome prior to 94.0.4606.54 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Chromium: CVE-2021-37965 Inappropriate implementation in Background Fetch API
Inappropriate implementation in Background Fetch API in Google Chrome ...
Уязвимость программного интерфейса Background Fetch API браузера Google Chrome, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации