31 matches found
EUVD-2011-1212
Malware in sbrugna...
EUVD-2012-2861
Malware in sbrugna...
EUVD-2016-6155
Malware in sbrugna...
EUVD-2016-6159
Malware in sbrugna...
SUSE CVE-2012-2881
Google Chrome before 22.0.1229.79 does not properly handle plug-ins, which allows remote attackers to cause a denial of service DOM tree corruption or possibly have unspecified other impact via unknown vectors...
Chrome Universal XSS by intercepting a UA shadow tree(CVE-2016-5204)
VULNERABILITY DETAILS When an event is dispatched to an element in a SVG shadow tree, the Event::currentTarget returns the original corresponding node, but the Event::target doesn't make any attempt to redirect access. Therefore, the tree can be trivially leaked like this: Gaining access to the...
Chrome Universal XSS using an <input type="color"> element (CVE-2016-5208)
VULNERABILITY DETAILS When an input element is removed, the popup is closed during the layout tree detach: void HTMLInputElement::detachLayoutTreeconst AttachContext& context HTMLTextFormControlElement::detachLayoutTreecontext; mneedsToUpdateViewValue = true; minputTypeView-closePopupView; If the...
CVE-2016-5208
Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...
CVE-2016-5204
Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...
CVE-2016-5204
Leaking of an SVG shadow tree leading to corruption of the DOM tree in Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...
USN-2735-1: Oxide vulnerabilities
It was discovered that the DOM tree could be corrupted during parsing in some circumstances. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions or cause a denial of service. CVE-2015-1291 An issue was...
Design/Logic Flaw
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service DOM tree corruption via a web...
CVE-2015-1291
CVE-2015-1291 is a concrete Chrome/Blink vulnerability: the ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp fails to validate node types, enabling a remote attacker to bypass same-origin policy or trigger a denial of service (DOM tree corruption) through crafted JavaScript...
CVE-2015-1291
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service DOM tree corruption via a web...
CVE-2015-1291
Removed by vendor...
Google Releases Chrome 22 and Pays Out Nearly $30K in Rewards
Google has released Chrome 22, a major new version of its browser that includes a huge number of security fixes, many of them high-priority vulnerabilities. The company also handed out nearly $30,000 in rewards to security researchers, more than half of it to Sergey Glazunov, who discovered two...
CVE-2012-2881
Google Chrome before 22.0.1229.79 does not properly handle plug-ins, which allows remote attackers to cause a denial of service DOM tree corruption or possibly have unspecified other impact via unknown vectors...
CVE-2012-2881
Google Chrome before 22.0.1229.79 does not properly handle plug-ins, which allows remote attackers to cause a denial of service DOM tree corruption or possibly have unspecified other impact via unknown vectors...
Memory corruption
Google Chrome before 22.0.1229.79 does not properly handle plug-ins, which allows remote attackers to cause a denial of service DOM tree corruption or possibly have unspecified other impact via unknown vectors...
CVE-2012-2881
Technical details (affected product/component/version, root cause, exploit info, or remediation) are not publicly available in the provided connected documents beyond the initial CVE description. Monitor for updates from official advisories.