Описание
The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 48.0.2564.116-0ubuntu1.1229 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [48.0.2564.116-0ubuntu0.14.04.1.1111]] |
| precise | ignored | |
| trusty | released | 48.0.2564.116-0ubuntu0.14.04.1.1111 |
| trusty/esm | DNE | trusty was released [48.0.2564.116-0ubuntu0.14.04.1.1111] |
| upstream | released | 48.0.2564.109 |
| vivid | ignored | end of life, was needed |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| wily | released | 48.0.2564.116-0ubuntu0.15.10.1.1221 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected] |
| precise | DNE | |
| trusty | not-affected | |
| trusty/esm | DNE | trusty was not-affected |
| upstream | not-affected | |
| vivid | not-affected | |
| vivid/stable-phone-overlay | not-affected | |
| vivid/ubuntu-core | DNE | |
| wily | not-affected |
Показывать по
Ссылки на источники
6.8 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js.
The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js.
The Developer Tools (aka DevTools) subsystem in Google Chrome before 4 ...
The Developer Tools (aka DevTools) subsystem in Google Chrome before 48.0.2564.109 does not validate URL schemes and ensure that the remoteBase parameter is associated with a chrome-devtools-frontend.appspot.com URL, which allows remote attackers to bypass intended access restrictions via a crafted URL, related to browser/devtools/devtools_ui_bindings.cc and WebKit/Source/devtools/front_end/Runtime.js.
Уязвимость браузера Google Chrome, позволяющая нарушителю обойти существующие ограничения доступа
6.8 Medium
CVSS2
8.8 High
CVSS3