Описание
The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 45.0.2454.85-0ubuntu1.1198 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [45.0.2454.85-0ubuntu0.14.04.1.1097]] |
| precise | ignored | |
| trusty | released | 45.0.2454.85-0ubuntu0.14.04.1.1097 |
| trusty/esm | DNE | trusty was released [45.0.2454.85-0ubuntu0.14.04.1.1097] |
| upstream | released | 45.0.2454.85 |
| vivid | released | 45.0.2454.85-0ubuntu0.15.04.1.1181 |
| wily | released | 45.0.2454.85-0ubuntu1.1198 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected] |
| precise | DNE | |
| trusty | not-affected | |
| trusty/esm | DNE | trusty was not-affected |
| upstream | not-affected | |
| vivid | not-affected | |
| wily | not-affected |
Показывать по
EPSS
7.5 High
CVSS2
Связанные уязвимости
The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension.
The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension.
The WebRequest API implementation in extensions/browser/api/web_reques ...
The WebRequest API implementation in extensions/browser/api/web_request/web_request_api.cc in Google Chrome before 45.0.2454.85 does not properly consider a request's source before accepting the request, which allows remote attackers to bypass intended access restrictions via a crafted (1) app or (2) extension.
Уязвимость браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения доступа
EPSS
7.5 High
CVSS2