307 matches found
EUVD-2026-34445
Inappropriate implementation in Workers in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
Astra Linux - уязвимость в firefox
Service workers may reveal the script-based base URL due to dynamic import. This vulnerability affects Firefox versions earlier than 113...
Astra Linux - уязвимость в firefox
Service Workers did not correctly detect Private Browsing Mode in all cases, which could result in Service Workers being written to disk for websites visited in Private Browsing Mode. This would not preserve them in a state where they would run again, but it would allow Private Browsing Mode...
Astra Linux - уязвимость в chromium
Inappropriate implementations in service workers in Google Chrome prior to version 96.0.4664.45 allowed a remote attacker who had compromised the renderer process to bypass site isolation through a crafted HTML page...
Astra Linux - уязвимость в firefox
DoS attacks in the DOM: Service Workers component. This vulnerability was fixed in Firefox 147 and Thunderbird 147...
Chromium: CVE-2026-5911 Policy bypass in ServiceWorkers
This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...
CVE-2026-5911
A policy bypass flaw was found in the ServiceWorkers component of the Chromium browser. Upstream bugs: https://code.google.com/p/chromium/issues/detail?id=485785246...
EUVD-2026-20742
Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...
Linux Distros Unpatched Vulnerability : CVE-2026-5911
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page...
CVE-2026-5911
Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...
CVE-2026-5911
Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...
CVE-2026-5911
Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...
CVE-2026-5911
Policy bypass in ServiceWorkers in Google Chrome prior to 147.0.7727.55 allowed a remote attacker to bypass content security policy via a crafted HTML page. Chromium security severity: Low...
Google Chrome 安全漏洞
Google Chrome is a web browser developed by Google Inc. Versions of Google Chrome prior to 147.0.7727.55 contained a security vulnerability due to a bypass of the ServiceWorkers policy. This vulnerability could allow remote attackers to bypass content security policies through specially crafted...
CVE-2026-34778
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, a service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript and...
Electron 数据伪造问题漏洞
Electron is an open-source JavaScript framework developed by users for creating cross-platform desktop applications. This framework is based on Node.js and Chromium, allowing the development of cross-platform desktop applications using HTML and CSS. Versions of Electron prior to 38.8.6, 39.8.1,...
CVE-2026-34778 Electron: Service worker can spoof executeJavaScript IPC replies
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, a service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript and...
CVE-2026-34778
Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. Prior to versions 38.8.6, 39.8.1, 40.8.1, and 41.0.0, a service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript and...
Electron: Service worker can spoof executeJavaScript IPC replies
Impact A service worker running in a session could spoof reply messages on the internal IPC channel used by webContents.executeJavaScript and related methods, causing the main-process promise to resolve with attacker-controlled data. Apps are only affected if they have service workers registered...
Insufficient Verification of Data Authenticity
Overview electron is a framework which lets you write cross-platform desktop applications using JavaScript, HTML and CSS. Affected versions of this package are vulnerable to Insufficient Verification of Data Authenticity via the webContents.executeJavaScript function. An attacker can manipulate t...