CVE-2025-14986 ExecuteMultiOperation Namespace Policy Bypass

When frontend.enableExecuteMultiOperation is enabled, the server can apply namespace-scoped validation and feature gates for the embedded StartWorkflowExecutionRequest using its Namespace field rather than the outer, authorized ExecuteMultiOperationRequest.Namespace. This allows a caller authoriz...

Chrome Universal XSS using iterables (CVE-2016-1668)

VULNERABILITY DETAILS From /thirdparty/WebKit/Source/bindings/core/v8/Iterable. h: void forEachForBinding... ... v8::LocalcreationContextscriptState-context-Global; v8::Local v8Callbackthe callback. v8Value. As; v8::Localv8ThisArgmethod performs a stable. v8Value; v8::Local args3; args2 =...

chromium-browser: same origin bypass in blink v8 bindings

The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...

Design/Logic Flaw

bindings/scripts/v8types.py in Blink, as used in Google Chrome before 43.0.2357.130, does not properly select a creation context for a return value's DOM wrapper, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code, as demonstrated by use of a data: URL...