New Chrome Browser 0-day Under Active Attack—Update Immediately!

Google has patched a zero-day vulnerability in Chrome web browser for desktop that it says is being actively exploited in the wild. The company released 88.0.4324.150 for Windows, Mac, and Linux, with a fix for a heap buffer overflow flaw CVE-2021-21148 in its V8 JavaScript rendering engine...

Exploit for Cross-site Scripting in Google Chrome

It is an exploit module for CVE-2017-5124, a Chrome UXSS vulnerability. The target product/service is Google Chrome, and the vulnerability class/vector is User Interface UI Scripting UXSS. The probable entry point is the PoC.mht file, which is a MHTML file containing a malicious XML stylesheet th...

GHSA-R34R-F84J-5X4X Moderate severity vulnerability that affects org.apache.spark:spark-core_2.10 and org.apache.spark:spark-core_2.11

In Apache Spark before 2.2.0, it is possible for an attacker to take advantage of a user's trust in the server to trick them into visiting a link that points to a shared Spark cluster and submits data including MHTML to the Spark master, or history server. This data, which could contain a script,...

Design/Logic Flaw

Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted MHTML page...

CVE-2017-5124

Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted MHTML page...

UBUNTU-CVE-2017-5124

Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted MHTML page...

CVE-2017-5124

Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted MHTML page...

CVE-2017-5124

Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted MHTML page...

CVE-2017-5124

Removed by vendor...

CVE-2017-5124

Incorrect application of sandboxing in Blink in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted MHTML page...

Samsung Internet Browser 6.2.01.12 SOP Bypass / UXSS Vulnerabilities

Samsung Internet Browser version 6.2.01.12 allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via crafted JavaScript code. From: https://poctestblog.blogspot.co.uk/2017/12/samsung-internet-browser-sop-bypassuxss.html Samsung Internet Browser SOP Bypass/UXSS...

Samsung Internet Browser 6.2.01.12 SOP Bypass / UXSS

Samsung Internet Browser SOP Bypass/UXSS There is a Same Origin Policy bypass / Universal Cross Site Scripting issue in Samsung Internet Browser tested on latest version - 6.2.01.12. First of all, using the combination of MHTML and XSLT ends up resulting in a weird interaction. When you create an...

CVE-2017-17859

Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML...

CVE-2017-17859

Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML...

CVE-2017-17859

Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML...

Design/Logic Flaw

Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML...

Samsung Internet Browser 6.2.01.12 SOP Bypass / UXSS

From: https://poctestblog.blogspot.co.uk/2017/12/samsung-internet-browser-sop-bypassuxss.html Samsung Internet Browser SOP Bypass/UXSS There is a Same Origin Policy bypass / Universal Cross Site Scripting issue in Samsung Internet Browser tested on latest version - 6.2.01.12. First of all, using...

CVE-2017-17859

Samsung Internet Browser 6.2.01.12 allows remote attackers to bypass the Same Origin Policy, and conduct UXSS attacks to obtain sensitive information, via vectors involving an IFRAME element inside XSLT data in one part of an MHTML file. Specifically, JavaScript code in another part of this MHTML...

Exploit for Cross-site Scripting in Google Chrome

CVE-2017-5124 UX...

Debian DSA-4020-1 : chromium-browser - security update

Several vulnerabilities have been discovered in the chromium web browser. In addition, this message serves as an annoucment that security support for chromium in the oldstable release jessie, Debian 8, is now discontinued. Debian 8 chromium users that desire continued security updates are strongl...