CVE-2012-2899

2014-01-05T20:55:00
ID CVE-2012-2899
Type cve
Reporter cve@mitre.org
Modified 2014-01-07T03:32:00

Description

Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write method.