Описание
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 53.0.2785.143-0ubuntu1.1307 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [52.0.2743.116-0ubuntu0.14.04.1.1134]] |
| precise | ignored | |
| trusty | released | 52.0.2743.116-0ubuntu0.14.04.1.1134 |
| trusty/esm | DNE | trusty was released [52.0.2743.116-0ubuntu0.14.04.1.1134] |
| upstream | released | 52.0.2743.116-1 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| xenial | released | 52.0.2743.116-0ubuntu0.16.04.1.1250 |
| yakkety | released | 53.0.2785.143-0ubuntu1.1307 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1.16.7-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1.17.7-0ubuntu0.14.04.1]] |
| esm-infra/xenial | released | 1.17.7-0ubuntu0.16.04.1 |
| precise | DNE | |
| trusty | released | 1.17.7-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [1.17.7-0ubuntu0.14.04.1] |
| upstream | released | 1.16.6 |
| vivid/stable-phone-overlay | released | 1.17.9-0ubuntu0.15.04.1~overlay2 |
| vivid/ubuntu-core | DNE | |
| xenial | released | 1.17.7-0ubuntu0.16.04.1 |
Показывать по
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144.
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144.
The Developer Tools (aka DevTools) subsystem in Blink, as used in Goog ...
The Developer Tools (aka DevTools) subsystem in Blink, as used in Google Chrome before 52.0.2743.116, mishandles the script-path hostname, remoteBase parameter, and remoteFrontendUrl parameter, which allows remote attackers to bypass intended access restrictions via a crafted URL, a different vulnerability than CVE-2016-5144.
7.5 High
CVSS2
9.8 Critical
CVSS3