46 matches found
CVE-2016-1622
The Extensions subsystem in Google Chrome before 48.0.2564.109 does not prevent use of the Object.defineProperty method to override intended extension behavior, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code...
CVE-2016-1622
Removed by vendor...
CVE-2016-1622
CVE-2016-1622 affects Google Chrome prior to 48.0.2564.109. The Extensions subsystem does not prevent use of Object.defineProperty to override intended extension behavior, enabling remote attackers to bypass the Same Origin Policy via crafted JavaScript. Connected sources (e.g., Debian/Debian sec...
Type confusion
The ObjectBackedNativeHandler class in extensions/renderer/objectbackednativehandler.cc in the extensions subsystem in Google Chrome before 47.0.2526.80 improperly implements handler functions, which allows remote attackers to cause a denial of service or possibly have unspecified other impact vi...
CVE-2015-6788
Removed by vendor...
CVE-2015-6788
CVE-2015-6788 affects Google Chrome prior to 47.0.2526.80. The issue is a type confusion in the extensions subsystem, specifically the ObjectBackedNativeHandler in extensions/renderer/object_backed_native_handler.cc, which can be triggered remotely to cause a denial of service and possibly unspec...