WebKit - ContainerNode::parserInsertBefore Universal Cross-Site Scripting Exploit

Exploit for multiple platform in category dos / poc Sources: https://bugs.chromium.org/p/project-zero/issues/detail?id=1146 https://bugs.chromium.org/p/chromium/issues/detail?id=519558 VULNERABILITY DETAILS From /WebKit/Source/core/dom/ContainerNode.cpp: ---------------- void...

The vulnerability of Google Chrome browser allows a violator to circumvent existing access restrictions policies.

The vulnerability of the ContainerNode::parserInsertBefore function in Google Chrome is related to deficiencies in access control for certain functions. Exploiting this vulnerability allows a malicious actor to circumvent existing access control policies by using specially crafted JavaScript code...

UBUNTU-CVE-2015-6755

The ContainerNode::parserInsertBefore function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 46.0.2490.71, proceeds with a DOM tree insertion in certain cases where a parent node no longer contains a child node, which allows remote attackers to bypass the Same Origin...