81 matches found
CVE-2026-11036
Inappropriate implementation in DOM in Google Chrome prior to 149.0.7827.53 allowed a remote attacker to bypass same origin policy via a crafted HTML page. Chromium security severity: Medium...
PT-2026-46565
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in the Document Object Model DOM, a programming interface for web documents, allows a remote attacker to bypass the same origin policy through the use of...
EUVD-2015-6707
Malware in sbrugna...
EUVD-2015-6709
Malware in sbrugna...
EUVD-2011-2331
Malware in sbrugna...
Design/Logic Flaw
The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a...
CVE-2016-1667
The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a...
Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2895-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2895-1 advisory. The DOM implementation in Chromium did not properly restrict frame-attach operations from occurring during or after frame-detach operations. If a user we...
USN-2895-1: Oxide vulnerabilities
The DOM implementation in Chromium did not properly restrict frame-attach operations from occurring during or after frame-detach operations. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. CVE-2016-16...
Design/Logic Flaw
The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp,...
CVE-2016-1623
The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp,...
Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2825-1)
The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2825-1 advisory. Multiple use-after-free bugs were discovered in the application cache implementation in Chromium. If a user were tricked in to opening a specially crafte...
USN-2825-1: Oxide vulnerabilities
Multiple use-after-free bugs were discovered in the application cache implementation in Chromium. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service via application crash, or execute arbitrary code with the...
Google Chrome DOM Homology Policy Bypass Vulnerability
Google Chrome is a web browser developed by the American company Google Google. A security vulnerability exists in the DOM implementation of Google Chrome versions prior to 47.0.2526.73. A remote attacker can exploit the vulnerability to bypass the same-origin policy...
CVE-2015-6772
The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with a plugin...
CVE-2015-6772
The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with a plugin...
CVE-2015-6772
CVE-2015-6772 refers to a flaw in Blink used by Google Chrome before 47.0.2526.73, where the DOM implementation did not prevent javascript: URL navigation while a document was detached. This enables bypass of the Same Origin Policy through crafted JavaScript interactions with a plugin. The issue ...
CVE-2015-6777
Removed by vendor...
CVE-2015-6772
Removed by vendor...
CVE-2015-6770
The DOM implementation in Google Chrome before 47.0.2526.73 allows remote attackers to bypass the Same Origin Policy via unspecified vectors, a different vulnerability than CVE-2015-6768...