Описание
Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | |
| cosmic | ignored | end of life |
| devel | not-affected | |
| disco | ignored | end of life |
| eoan | not-affected | |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored [no longer updated]] |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | trusty was ignored [no longer updated] |
| upstream | released |
Показывать по
6.8 Medium
CVSS2
9.6 Critical
CVSS3
Связанные уязвимости
Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
Using an ID that can be controlled by a compromised renderer which allows any frame to overwrite the page_state of any other frame in the same process in Navigation in Google Chrome on Chrome OS prior to 62.0.3202.74 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.
6.8 Medium
CVSS2
9.6 Critical
CVSS3