Chrome Universal XSS using stack overflow exceptions (CVE-2015-1303)

VULNERABILITY DETAILS When the maximum call stack size is exceeded, a RangeError object is created using isolate's current context. Thus, if a cross-origin context had been entered through the V8WrapperInstantiationScope constructor, for example, a cross-origin exception will be propagated to the...

Debian Security Advisory DSA 3376-1 (chromium-browser - security update)

Several vulnerabilities have been discovered in the chromium web browser. CVE-2015-1303 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in the DOM implementation. CVE-2015-1304 Mariusz Mlynski discovered a way to bypass the Same Origin Policy in the v8 javascript library...

Chrome 46 Patches, Mixed Content Warning Changes

Google has made some changes to the way it presents browser warnings in Chrome. Starting with Chrome 46, don’t expect to see the yellow warning icon on HTTPS pages with minor errors. Google announced on Tuesday that it would start marking those pages with the neutral icon it uses on unencrypted...

Stable Channel Update

The Chrome team is delighted to announce the promotion of Chrome 46 to the stable channel for Windows, Mac and Linux. Chrome 46.0.2490.71 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming Chrome and Chromium blog posts about new...