GHSA-HRJ8-HJV8-MGWC Anyquery: AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin

AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin | Field | Value | | ---------------- | ----- | | Repository | julien040/anyquery | | Affected version | 0.4.4 commit 0abd460 | | Vulnerability | CWE-94 — Improper Control of Generation of Code | | Severity | High | Summary Th...

Anyquery: AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin

AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin | Field | Value | | ---------------- | ----- | | Repository | julien040/anyquery | | Affected version | 0.4.4 commit 0abd460 | | Vulnerability | CWE-94 — Improper Control of Generation of Code | | Severity | High | Summary Th...

PT-2026-47572

AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin | Field | Value | | ---------------- | ----- | | Repository | julien040/anyquery | | Affected version | 0.4.4 commit 0abd460 | | Vulnerability | CWE-94 — Improper Control of Generation of Code | | Severity | High | Summary Th...

SUSE CVE-2024-6997

Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

DEBIAN-CVE-2024-6997

Use after free in Tabs in Google Chrome prior to 127.0.6533.72 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: Medium...

The vulnerability of Google Chrome’s user tabs allows a hacker to replace the user’s interface.

The vulnerability of Google Chrome’s user tabs is related to improperly implemented security checks for standard elements. Exploiting this vulnerability allows a malicious actor to replace the user interface with a specially created HTML page...

Malware on the Google Play store leads to harmful phishing sites

A family of malicious apps from developer Mobile apps Group are listed on Google Play and infected with Android/Trojan.HiddenAds.BTGTHB. In total, four apps are listed, and together they have amassed at least one million downloads. Older versions of these apps have been detected in the past as...

CVE-2018-6079

Inappropriate sharing of TEXTURE2DARRAY/TEXTURE3D data between tabs in WebGL in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

The vulnerability of the Firefox browser, which allows attackers to carry out UXSS attacks

The vulnerability of the WebExtension sandbox component browser/components/extensions/ext-tabs.js in the Firefox browser does not properly restrict the inheritance from API calls like chrome.tabs.create and chrome.tabs.update. Exploiting this vulnerability allows a malicious actor to perform UXSS...

CVE-2016-2817

The WebExtension sandbox feature in browser/components/extensions/ext-tabs.js in Mozilla Firefox before 46.0 does not properly restrict principal inheritance during chrome.tabs.create and chrome.tabs.update API calls, which allows remote attackers to conduct Universal XSS UXSS attacks via a craft...

Mozilla Firefox Cross-Site Scripting Vulnerability (CNVD-2016-02671)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. The chrome.tabs.update API in Mozilla Firefox's Web Extension allows the program to navigate to javascript: URLs when the user does not have additional privileges, allowing remote attackers to...