9 matches found
EUVD-2015-6723
Malware in sbrugna...
Skylark Holdings Skylark App 安全漏洞
Skylark Holdings Skylark App is a mobile application from Skylark Holdings, a Japanese company. A security vulnerability exists in Skylark Holdings Skylark App version 6.2.13 and earlier, which stems from not properly restricting the custom URL scheme, allowing an attacker to direct the program t...
CVE-2015-6786
The CSPSourceList::matches function in WebKit/Source/core/frame/csp/CSPSourceList.cpp in the Content Security Policy CSP implementation in Google Chrome before 47.0.2526.73 accepts a blob:, data:, or filesystem: URL as a match for a pattern, which allows remote attackers to bypass intended scheme...
CVE-2015-6779
PDFium, as used in Google Chrome before 47.0.2526.73, does not properly restrict use of chrome: URLs, which allows remote attackers to bypass intended scheme restrictions via a crafted PDF document, as demonstrated by a document with a link to a chrome://settings URL...
Design/Logic Flaw
The CSPSourceList::matches function in WebKit/Source/core/frame/csp/CSPSourceList.cpp in the Content Security Policy CSP implementation in Google Chrome before 47.0.2526.73 accepts a blob:, data:, or filesystem: URL as a match for a pattern, which allows remote attackers to bypass intended scheme...
CVE-2015-6786
Removed by vendor...
CVE-2015-6786
CVE-2015-6786 : In Chrome/Chromium, the CSPSourceList::matches function in CSP allowed a wildcard '*' to match blob:, data:, or filesystem: URLs, bypassing CSP scheme restrictions. Affects Google Chrome before 47.0.2526.73 (Chromium upstream); impact is bypass of CSP restrictions in opportunistic...
CVE-2015-6786
The CSPSourceList::matches function in WebKit/Source/core/frame/csp/CSPSourceList.cpp in the Content Security Policy CSP implementation in Google Chrome before 47.0.2526.73 accepts a blob:, data:, or filesystem: URL as a match for a pattern, which allows remote attackers to bypass intended scheme...
chromium-browser: Scheme bypass in PDFium
PDFium, as used in Google Chrome before 47.0.2526.73, does not properly restrict use of chrome: URLs, which allows remote attackers to bypass intended scheme restrictions via a crafted PDF document, as demonstrated by a document with a link to a chrome://settings URL...