Описание
The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote attackers to obtain sensitive information from local files via a crafted (1) http or (2) https web site.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 43.0.2357.81-0ubuntu1.1179 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [43.0.2357.81-0ubuntu0.14.04.1.1089]] |
| lucid | ignored | end of life |
| precise | ignored | |
| trusty | released | 43.0.2357.81-0ubuntu0.14.04.1.1089 |
| trusty/esm | DNE | trusty was released [43.0.2357.81-0ubuntu0.14.04.1.1089] |
| upstream | released | 42.0.2311.90 |
| utopic | released | 43.0.2357.81-0ubuntu0.14.10.1.1131 |
| vivid | released | 43.0.2357.81-0ubuntu0.15.04.1.1170 |
| wily | released | 43.0.2357.81-0ubuntu1.1179 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected] |
| lucid | DNE | |
| precise | DNE | |
| trusty | not-affected | |
| trusty/esm | DNE | trusty was not-affected |
| upstream | not-affected | |
| utopic | not-affected | |
| vivid | not-affected | |
| wily | not-affected |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote attackers to obtain sensitive information from local files via a crafted (1) http or (2) https web site.
The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote attackers to obtain sensitive information from local files via a crafted (1) http or (2) https web site.
The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search ...
The SearchEngineTabHelper::OnPageHasOSDD function in browser/ui/search_engines/search_engine_tab_helper.cc in Google Chrome before 42.0.2311.90 does not prevent use of a file: URL for an OpenSearch descriptor XML document, which might allow remote attackers to obtain sensitive information from local files via a crafted (1) http or (2) https web site.
Уязвимость браузера Google Chrome, позволяющая удаленному нарушителю получить доступ к локальным файлам
EPSS
5 Medium
CVSS2