Описание
The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS (UXSS) attacks via vectors involving events.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 33.0.1750.152-0ubuntu1~pkg995.1 |
| lucid | ignored | end of life |
| precise | released | 33.0.1750.152-0ubuntu0.12.04.1~pkg879.1 |
| quantal | released | 33.0.1750.152-0ubuntu0.12.10.1~pkg895.1 |
| saucy | released | 33.0.1750.152-0ubuntu0.13.10.1~pkg984.1 |
| upstream | released | 33.0.1750.149 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| lucid | DNE | |
| precise | DNE | |
| quantal | DNE | |
| saucy | DNE | |
| upstream | needs-triage |
Показывать по
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS (UXSS) attacks via vectors involving events.
The GenerateFunction function in bindings/scripts/code_generator_v8.pm ...
The GenerateFunction function in bindings/scripts/code_generator_v8.pm in Blink, as used in Google Chrome before 33.0.1750.149, does not implement a certain cross-origin restriction for the EventTarget::dispatchEvent function, which allows remote attackers to conduct Universal XSS (UXSS) attacks via vectors involving events.
EPSS
4.3 Medium
CVSS2