Описание
core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 33.0.1750.152-0ubuntu1~pkg995.1 |
| lucid | ignored | end of life |
| precise | released | 33.0.1750.152-0ubuntu0.12.04.1~pkg879.1 |
| quantal | released | 33.0.1750.152-0ubuntu0.12.10.1~pkg895.1 |
| saucy | released | 33.0.1750.152-0ubuntu0.13.10.1~pkg984.1 |
| upstream | released | 33.0.1750.117 |
Показывать по
EPSS
6.4 Medium
CVSS2
Связанные уязвимости
core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.
core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used i ...
core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, inserts the about:blank URL during certain blocking of FORM elements within HTTP requests, which allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via unspecified vectors.
EPSS
6.4 Medium
CVSS2