Описание
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 53.0.2785.143-0ubuntu1.1307 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [52.0.2743.116-0ubuntu0.14.04.1.1134]] |
| precise | ignored | |
| trusty | released | 52.0.2743.116-0ubuntu0.14.04.1.1134 |
| trusty/esm | DNE | trusty was released [52.0.2743.116-0ubuntu0.14.04.1.1134] |
| upstream | released | 52.0.2743.82 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| wily | ignored | end of life |
| xenial | released | 52.0.2743.116-0ubuntu0.16.04.1.1250 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1.16.7-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1.16.5-0ubuntu0.14.04.1]] |
| esm-infra/xenial | released | 1.16.5-0ubuntu0.16.04.1 |
| precise | DNE | |
| trusty | released | 1.16.5-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [1.16.5-0ubuntu0.14.04.1] |
| upstream | released | 1.16.5 |
| vivid/stable-phone-overlay | released | 1.17.9-0ubuntu0.15.04.1~overlay2 |
| vivid/ubuntu-core | DNE | |
| wily | ignored | end of life |
Показывать по
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.
The Service Workers subsystem in Google Chrome before 52.0.2743.82 doe ...
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.
EPSS
6.8 Medium
CVSS2
8.8 High
CVSS3