2060 matches found
Code injection
The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard postMessage API. By creating a malicious web page with an iFrame targeting a sensitive resource i.e. a locally accessible file or sensitive website, and registering a listener on the web...
CVE-2023-5718
The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard postMessage API. By creating a malicious web page with an iFrame targeting a sensitive resource i.e. a locally accessible file or sensitive website, and registering a listener on the web...
CVE-2023-5718
The Vue.js Devtools extension was found to leak screenshot data back to a malicious web page via the standard postMessage API. By creating a malicious web page with an iFrame targeting a sensitive resource i.e. a locally accessible file or sensitive website, and registering a listener on the web...
CVE-2023-5718
CVE-2023-5718 affects the Vue.js Devtools extension. The issue allows leakage of base64-encoded screenshots of sensitive resource content via the standard postMessage() API when a malicious page with an iframe targets a sensitive resource and registers a listener. Affected component: the Vue.js D...
Vue.js vue-devtools Access Control Error Vulnerability
vue-devtools is a browser development tools extension for debugging Vue.js applications. A security vulnerability exists in Vue.js vue-devtools, which stems from the fact that the extension was found to leak screenshot data back to a malicious web page, postMessage, via the standard API...
PT-2023-32289 · Unknown · Vue.Js Devtools Extension
Name of the Vulnerable Software and Affected Versions: Vue.js Devtools extension affected versions not specified Description: The Vue.js Devtools extension leaks screenshot data back to a malicious web page via the standard postMessage API. This occurs when a malicious web page with an iFrame...
Updated chromium-browser-stable packages fix bugs and vulnerabilities
The chromium-browser-stable package has been updated to the 118.0.5993.70 release, fixing 20 bugs and vulnerabilities. Some of the security fixes are: Critical CVE-2023-5218: Use after free in Site Isolation. Reported by @18 on 2023-09-27 Medium CVE-2023-5487: Inappropriate implementation in...
4help-app-shared (>=1.0.21 <=1.0.26), 4help-shared (>=1.0.2 <=1.0.20) +3205 more potentially affected by CVE-2023-5654 via react-devtools-core (>=1.0.6 <=4.28.0)
react-devtools-core NPM version =1.0.6, =1.0.21, =1.0.2, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =1.0.22, =0.0.12, =1.2.0, =1.0.4, =0.0.1, =0.0.6 and more Source cves: CVE-2023-5654 Source advisory: OSV:GHSA-RXRC-RGV4-JPVX...
Improper Authorization
chromium is vulnerable to Improper Authorization. An attacker could exploit this vulnerability by tricking a user into visiting a malicious website. The website would contain a specially crafted HTML page that would exploit the race condition in DevTools and allow the attacker to break...
The vulnerability of the DevTools suite for web development in Microsoft Edge and Google Chrome browsers allows a hacker to execute arbitrary code.
The vulnerability of the DevTools suite for web development in Microsoft Edge and Google Chrome is related to buffer overflow attacks. Exploiting this vulnerability allows an attacker to execute arbitrary code using a specially created PDF file from a remote location...
Chromium: CVE-2023-5475 Inappropriate implementation in DevTools
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
DEBIAN-CVE-2023-5475
Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2023-5475
Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2023-5475
Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...
Design/Logic Flaw
Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2023-5475
Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2023-5475
Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2023-5475
Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...
CVE-2023-5475
The CVE-2023-5475 issue is an Inappropriate implementation in DevTools of Google Chrome up to version 118.0.5993.70, allowing a user-assisted attacker who installs a crafted malicious extension to bypass discretionary access control. Impact: potential high integrity via extension-based bypass; ex...
SUSE CVE-2023-5475
Inappropriate implementation in DevTools in Google Chrome prior to 118.0.5993.70 allowed an attacker who convinced a user to install a malicious extension to bypass discretionary access control via a crafted Chrome Extension. Chromium security severity: Medium...