Описание
Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 76.0.3809.87-0ubuntu0.18.04.1 |
| devel | released | 77.0.3865.120-0ubuntu2 |
| disco | released | 76.0.3809.87-0ubuntu0.19.04.1 |
| eoan | released | 77.0.3865.120-0ubuntu1.19.10.1 |
| esm-infra-legacy/trusty | DNE | |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
| trusty/esm | DNE | |
| upstream | released | 76.0.3809.87 |
| xenial | released | 76.0.3809.87-0ubuntu0.16.04.1 |
Показывать по
Ссылки на источники
EPSS
4.3 Medium
CVSS2
4.3 Medium
CVSS3
Связанные уязвимости
Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
Insufficient data validation in CORS in Google Chrome prior to 76.0.38 ...
Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.
Уязвимость веб-браузера Google Chrome, связанная с некорректной фильтрацией портов в CORS, позволяющая нарушителю обойти существующие ограничения безопасности
EPSS
4.3 Medium
CVSS2
4.3 Medium
CVSS3