Lucene search
+L

511 matches found

CNVD
CNVD
added 2018/12/05 12:0 a.m.7 views

Google Chrome Service Worker Information Disclosure Vulnerability

Google Chrome is a web browser developed by Google Google.Service Workers is a component that provides offline support for web applications. A security vulnerability exists in Service Worker in versions of Google Chrome prior to 66.0.3359.106, which stems from the program's lack of cross-domain...

6.5CVSS6.9AI score0.01597EPSS
Exploits0References1
NVD
NVD
added 2018/12/04 5:29 p.m.13 views

CVE-2018-6089

A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page...

6.5CVSS6.5AI score0.01597EPSS
Exploits0References6
OSV
OSV
added 2018/12/04 5:29 p.m.4 views

CVE-2018-6089

A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page...

6.5CVSS7.3AI score0.01597EPSS
Exploits0References6
Prion
Prion
added 2018/12/04 5:29 p.m.17 views

Cross site scripting

A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page...

4.3CVSS6.3AI score0.01597EPSS
Exploits0References6Affected Software5
UbuntuCve
UbuntuCve
added 2018/12/04 5:29 p.m.23 views

CVE-2018-6089

A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page...

6.5CVSS6.9AI score0.01597EPSS
Exploits0References2
OSV
OSV
added 2018/12/04 5:29 p.m.2 views

UBUNTU-CVE-2018-6089

A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page...

6.5CVSS7AI score0.01597EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2018/12/04 5:0 p.m.36 views

CVE-2018-6089

Removed by vendor...

6.5CVSS8AI score0.01597EPSS
Exploits0
CVE
CVE
added 2018/12/04 5:0 p.m.148 views

CVE-2018-6089

Google Chrome/Chromium prior to 66.0.3359.117 was affected by CVE-2018-6089, a Same Origin Policy bypass in Service Workers triggered by a cross-origin PDF redirect after a Safari-like CORS gap. The workaround is upgrading to 66.0.3359.117 or newer; Chrome’s 66 stable release notes confirm the fi...

6.5CVSS6.2AI score0.01597EPSS
Exploits0References6Affected Software1
Cvelist
Cvelist
added 2018/12/04 5:0 p.m.28 views

CVE-2018-6089

A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page...

6.4AI score0.01597EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2018/10/17 11:49 a.m.30 views

CVE-2018-5179

A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60...

7.5CVSS4.7AI score0.01489EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2018/07/30 3:10 p.m.15 views

chromium-browser: Same origin policy bypass in ServiceWorker

Insufficient policy enforcement in ServiceWorker in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page...

6.5CVSS7.4AI score0.00787EPSS
Exploits0References5
RedHat Linux
RedHat Linux
added 2018/07/30 3:10 p.m.14 views

chromium-browser: Same origin policy bypass in ServiceWorker

Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page...

6.5CVSS7.4AI score0.01663EPSS
Exploits0References5
CNVD
CNVD
added 2018/07/25 12:0 a.m.4 views

Google Chrome Same Origin Policy Bypass Vulnerability (CNVD-2018-17051)

Google Chrome is a web browser developed by the American company Google Google. A same-origin policy bypass vulnerability exists in ServiceWorker in Google Chrome. An attacker can exploit the vulnerability to bypass security restrictions and perform unauthorized operations...

6.5CVSS7.1AI score0.01663EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2018/06/27 12:0 a.m.39 views

FreeBSD : mozilla -- multiple vulnerabilities (cd81806c-26e7-4d4a-8425-02724a2f48af)

Mozilla Foundation reports : CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus CVE-2018-12361: Integer overflow in SwizzleData CVE-2018-12358: Same-origin bypass using service worker and redirection CVE-2018-12362: Integer overfl...

9.8CVSS7.3AI score0.04831EPSS
Exploits3References22
Mozilla
Mozilla
added 2018/06/26 12:0 a.m.552 views

Security vulnerabilities fixed in Firefox 61 — Mozilla

A buffer overflow can occur when rendering canvas content while adjusting the height and width of the element dynamically, causing data to be written outside of the currently computed boundaries. This results in a potentially exploitable crash. A use-after-free vulnerability can occur when deleti...

9.8CVSS9.5AI score0.04647EPSS
Exploits0References19Affected Software1
FreeBSD
FreeBSD
added 2018/06/26 12:0 a.m.52 views

mozilla -- multiple vulnerabilities

Mozilla Foundation reports: CVE-2018-12359: Buffer overflow using computed size of canvas element CVE-2018-12360: Use-after-free when using focus CVE-2018-12361: Integer overflow in SwizzleData CVE-2018-12358: Same-origin bypass using service worker and redirection CVE-2018-12362: Integer overflo...

9.8CVSS1AI score0.04831EPSS
Exploits3References3
Jake Archibald's Blog
Jake Archibald's Blog
added 2018/06/20 2:17 p.m.182 views

I discovered a browser bug

I accidentally discovered a huge browser bug a few months ago and I'm pretty excited about it. Security engineers always seem like the "cool kids" to me, so I'm hoping that now I can be part of the club, and y'know, get into the special parties or whatever. I've noticed that a lot of these securi...

4.3CVSS6.5AI score0.02673EPSS
Exploits0
Jake Archibald's Blog
Jake Archibald's Blog
added 2018/06/20 2:17 p.m.48 views

I discovered a browser bug

I accidentally discovered a huge browser bug a few months ago and I'm pretty excited about it. Security engineers always seem like the "cool kids" to me, so I'm hoping that now I can be part of the club, and y'know, get into the special parties or whatever. I've noticed that a lot of these securi...

4.3CVSS6.5AI score0.02673EPSS
Exploits0
OSV
OSV
added 2018/06/11 9:29 p.m.2 views

CVE-2018-5106

Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox ...

5.3CVSS7.3AI score0.01288EPSS
Exploits0References5
NVD
NVD
added 2018/06/11 9:29 p.m.23 views

CVE-2018-5106

Style editor traffic in the Developer Tools can be routed through a service worker hosted on a third party website if a user selects error links when these tools are open. This can allow style editor information used within Developer Tools to leak cross-origin. This vulnerability affects Firefox ...

5.3CVSS4.7AI score0.01288EPSS
Exploits0References5
Rows per page
Query Builder