Описание
object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 45.0.2454.101-0ubuntu1.1201 |
| bionic | released | 45.0.2454.101-0ubuntu1.1201 |
| cosmic | released | 45.0.2454.101-0ubuntu1.1201 |
| devel | released | 45.0.2454.101-0ubuntu1.1201 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [45.0.2454.101-0ubuntu0.14.04.1.1099]] |
| precise | ignored | |
| precise/esm | DNE | precise was ignored |
| trusty | released | 45.0.2454.101-0ubuntu0.14.04.1.1099 |
| trusty/esm | DNE | trusty was released [45.0.2454.101-0ubuntu0.14.04.1.1099] |
| upstream | released | 45.0.2454.101 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | DNE | |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | DNE | |
| trusty/esm | DNE | |
| upstream | needs-triage |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support |
| cosmic | ignored | end of life |
| devel | ignored | libv8 not supported |
| esm-apps/bionic | ignored | libv8 not supported |
| esm-apps/xenial | ignored | libv8 not supported |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored [libv8 not supported]] |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| artful | released | 1.9.5-0ubuntu1 |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1.9.5-0ubuntu0.14.04.1]] |
| esm-infra/xenial | released | 1.9.5-0ubuntu1 |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | released | 1.9.5-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [1.9.5-0ubuntu0.14.04.1] |
Показывать по
EPSS
7.5 High
CVSS2
Связанные уязвимости
object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.
object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.
object-observe.js in Google V8, as used in Google Chrome before 45.0.2 ...
object-observe.js in Google V8, as used in Google Chrome before 45.0.2454.101, does not properly restrict method calls on access-checked objects, which allows remote attackers to bypass the Same Origin Policy via a (1) observe or (2) getNotifier call.
Уязвимость браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения доступа
EPSS
7.5 High
CVSS2