Описание
Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker controled files via a crafted HTML page.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | 75.0.3770.90-0ubuntu0.18.04.1 |
| cosmic | not-affected | 75.0.3770.90-0ubuntu0.18.10.1 |
| devel | not-affected | 75.0.3770.80-0ubuntu1~snap2 |
| disco | not-affected | 75.0.3770.90-0ubuntu0.19.04.1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was ignored [no longer updated]] |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | trusty was ignored [no longer updated] |
| upstream | released | |
| xenial | not-affected | 74.0.3729.169-0ubuntu0.16.04.1 |
Показывать по
EPSS
4.3 Medium
CVSS2
6.1 Medium
CVSS3
Связанные уязвимости
Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker controled files via a crafted HTML page.
Insufficiently strict origin checks during JIT payment app installatio ...
Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker controled files via a crafted HTML page.
EPSS
4.3 Medium
CVSS2
6.1 Medium
CVSS3