Описание
The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h, LocalFrame.cpp, and WebLocalFrameImpl.cpp.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 48.0.2564.116-0ubuntu1.1229 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [48.0.2564.116-0ubuntu0.14.04.1.1111]] |
| precise | ignored | |
| trusty | released | 48.0.2564.116-0ubuntu0.14.04.1.1111 |
| trusty/esm | DNE | trusty was released [48.0.2564.116-0ubuntu0.14.04.1.1111] |
| upstream | released | 48.0.2564.109 |
| vivid | ignored | end of life, was needed |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| wily | released | 48.0.2564.116-0ubuntu0.15.10.1.1221 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1.12.6-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1.12.6-0ubuntu0.14.04.1]] |
| precise | DNE | |
| trusty | released | 1.12.6-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [1.12.6-0ubuntu0.14.04.1] |
| upstream | released | 1.12.6 |
| vivid | ignored | end of life, was needed |
| vivid/stable-phone-overlay | released | 1.12.6-0ubuntu0.15.04.1~overlay1 |
| vivid/ubuntu-core | DNE | |
| wily | released | 1.12.6-0ubuntu0.15.10.1 |
Показывать по
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h, LocalFrame.cpp, and WebLocalFrameImpl.cpp.
The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h, LocalFrame.cpp, and WebLocalFrameImpl.cpp.
The DOM implementation in Google Chrome before 48.0.2564.109 does not ...
The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp, HTMLFrameOwnerElement.h, LocalFrame.cpp, and WebLocalFrameImpl.cpp.
Уязвимость браузера Google Chrome, позволяющая нарушителю обойти существующую политику ограничения доступа
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3