exploitDog

CVE-2015-6772

Опубликовано: 01 дек. 2015

Источник: redhat

CVSS2: 6.8

EPSS Низкий

Описание

The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with a plugin.

Ссылки на источники

Дополнительная информация

Статус:

Important

https://bugzilla.redhat.com/show_bug.cgi?id=1287487chromium-browser: Cross-origin bypass in DOM

EPSS

Процентиль: 79%

0.01229

Низкий

6.8 Medium

CVSS2

Связанные уязвимости

CVE-2015-6772

ubuntu

около 10 лет назад

The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with a plugin.

CVE-2015-6772

nvd

около 10 лет назад

The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with a plugin.

CVE-2015-6772

debian

около 10 лет назад

The DOM implementation in Blink, as used in Google Chrome before 47.0. ...

GHSA-j4qx-5rrm-wm6c

github

больше 3 лет назад

The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with a plugin.

openSUSE-SU-2015:2291-1

suse-cvrf

около 10 лет назад

Security update for Chromium

EPSS

Процентиль: 79%

0.01229

Низкий

6.8 Medium

CVSS2