Описание
Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.
Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-37999
- https://chromereleases.googleblog.com/2021/10/stable-channel-update-for-desktop_28.html
- https://crbug.com/1251541
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3W46HRT2UVHWSLZB6JZHQF6JNQWKV744
- https://www.debian.org/security/2022/dsa-5046
Связанные уязвимости
Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.
Insufficient data validation in New Tab Page in Google Chrome prior to 95.0.4638.69 allowed a remote attacker to inject arbitrary scripts or HTML in a new browser tab via a crafted HTML page.
Chromium: CVE-2021-37999 Insufficient data validation in New Tab Page
Insufficient data validation in New Tab Page in Google Chrome prior to ...
Уязвимость реализации компонента «New Tab Page» («Новая вкладка») браузеров Google Chrome и Microsoft Edge, позволяющая нарушителю выполнить произвольный код