511 matches found
Google Chrome Service Worker Information Disclosure Vulnerability
Google Chrome is a web browser developed by Google Google.Service Workers is a component that provides offline support for web applications. A security vulnerability exists in Service Worker in versions of Google Chrome prior to 66.0.3359.106, which stems from the program's lack of cross-domain...
CVE-2018-6089
A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page...
CVE-2018-6089
A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page...
Cross site scripting
A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page...
CVE-2018-6089
A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page...
UBUNTU-CVE-2018-6089
A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page...
CVE-2018-6089
Removed by vendor...
CVE-2018-6089
Google Chrome/Chromium prior to 66.0.3359.117 was affected by CVE-2018-6089, a Same Origin Policy bypass in Service Workers triggered by a cross-origin PDF redirect after a Safari-like CORS gap. The workaround is upgrading to 66.0.3359.117 or newer; Chrome’s 66 stable release notes confirm the fi...
CVE-2018-6089
A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page...
CVE-2018-5179
A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60...
chromium-browser: Same origin policy bypass in ServiceWorker
Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...
chromium-browser: Same origin policy bypass in ServiceWorker
Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page...
Google Chrome Same Origin Policy Bypass Vulnerability (CNVD-2018-17051)
Google Chrome is a web browser developed by the American company Google Google. A same-origin policy bypass vulnerability exists in ServiceWorker in Google Chrome. An attacker can exploit the vulnerability to bypass security restrictions and perform unauthorized operations...
FreeBSD : mozilla -- multiple vulnerabilities (cd81806c-26e7-4d4a-8425-02724a2f48af)
Mozilla Foundation reports : CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus CVE-2018-12361: Integer overflow in SwizzleData CVE-2018-12358: Same-origin bypass using service worker and redirection CVE-2018-12362: Integer overfl...
Security vulnerabilities fixed in Firefox 61 — Mozilla
A buffer overflow can occur when rendering canvas content while adjusting the height and width of the element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when deleti...
mozilla -- multiple vulnerabilities
Mozilla Foundation reports: CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus CVE-2018-12361: Integer overflow in SwizzleData CVE-2018-12358: Same-origin bypass using service worker and redirection CVE-2018-12362: Integer overflo...
I discovered a browser bug
I accidentally discovered a huge browser bug a few months ago and I'm pretty excited about it. Security engineers always seem like the "cool kids" to me, so I'm hoping that now I can be part of the club, and y'know, get into the special parties or whatever. I've noticed that a lot of these securi...
I discovered a browser bug
I accidentally discovered a huge browser bug a few months ago and I'm pretty excited about it. Security engineers always seem like the "cool kids" to me, so I'm hoping that now I can be part of the club, and y'know, get into the special parties or whatever. I've noticed that a lot of these securi...
CVE-2018-5106
Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox ...
CVE-2018-5106
Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox ...