Google Chrome < 4.5.103.29 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 4.5.103.29. It is, therefore, affected by multiple vulnerabilities as referenced in the 2015_09_stable-channel-update advisory. - Multiple unspecified vulnerabilities in Google Chrome before 45.0.2454.85 allow attackers to...
EUVD-2016-6155
Malware in sbrugna...
EUVD-2015-6692
Malware in sbrugna...
EUVD-2016-6159
Malware in sbrugna...
EUVD-2012-2861
Malware in sbrugna...
EUVD-2011-1212
Malware in sbrugna...
SUSE CVE-2012-2881
Google Chrome before 22.0.1229.79 does not properly handle plug-ins, which allows remote attackers to cause a denial of service (DOM tree corruption) or possibly have unspecified other impact via unknown vectors...
Uncontrolled recursion in ammonia
An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization...
CVE-2020-26870
Cure53 DOMPurify before 2.0.17 allows mutation XSS. This occurs because a serialize-parse roundtrip does not necessarily return the original DOM tree, and a namespace can change from HTML to MathML, as demonstrated by nesting of FORM elements...
Hardcoded credentials
An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization...
CVE-2019-15542
An issue was discovered in the ammonia crate before 2.1.0 for Rust. There is uncontrolled recursion during HTML DOM tree serialization...
RUSTSEC-2019-0001 Uncontrolled recursion leads to abort in HTML serialization
Affected versions of this crate did use recursion for serialization of HTML DOM trees. This allows an attacker to cause abort due to stack overflow by providing a pathologically nested input. The flaw was corrected by serializing the DOM tree iteratively instead...
Uncontrolled recursion leads to abort in HTML serialization
Affected versions of this crate did use recursion for serialization of HTML DOM trees. This allows an attacker to cause abort due to stack overflow by providing a pathologically nested input. The flaw was corrected by serializing the DOM tree iteratively instead...
Chrome Universal XSS using widget updates in ContainerNode::parserRemoveChild (CVE-2016-1630)
VULNERABILITY DETAILS There are 3 methods where ContainerNode::removeBetween is invoked: 1. ContainerNode::removeChild 2. ContainerNode::parserRemoveChild 3. ContainerNode::removeChildren The calls in 1 and 3 are within the scope of HTMLFrameOwnerElement::UpdateSuspendScope, but 2 is unprotected...
Chrome Universal XSS through adopting image elements (CVE-2016-1667)
VULNERABILITY DETAILS When a node is being adopted, the tree scope adopter calls |didMoveToNewDocument| on each rescoped node in the tree. The implementation of |didMoveToNewDocument| calls the corresponding method on the related loader, which clears and stops observing...
Chrome Universal XSS via fullscreen element updates (CVE-2016-5207)
VULNERABILITY DETAILS From /third_party/WebKit/Source/core/dom/Fullscreen.cpp: void Fullscreen::didEnterFullscreenForElement(Element* element) { ... // FIXME: This should not call updateStyleAndLayoutTree. document()->updateStyleAndLayoutTree(); ... } Indeed. |didEnterFullscreenForElement| may be called in th...
Chrome Universal XSS by polluting private scripts with named properties (CVE-2017-5008)
VULNERABILITY DETAILS When a private script method is invoked, a ScriptForbiddenScope::AllowUserAgentScript scope is set up to allow running the internal script. It is possible to exploit this scope to execute user code here: static v8::Local<v8::Value> compileAndRunPrivateScript(ScriptState* scriptState, ...
Chrome Universal XSS by intercepting a UA shadow tree(CVE-2016-5204)
VULNERABILITY DETAILS When an event is dispatched to an element in an SVG shadow tree, Event::currentTarget returns the original corresponding node, but Event::target doesn't make any attempt to redirect access. Therefore, the tree can be trivially leaked like this: Gaining access to the...
Chrome Universal XSS using an <input type="color"> element (CVE-2016-5208)
VULNERABILITY DETAILS When an input element is removed, the popup is closed during the layout tree detach: void HTMLInputElement::detachLayoutTree(const AttachContext& context) { HTMLTextFormControlElement::detachLayoutTree(context); m_needsToUpdateViewValue = true; m_inputTypeView->closePopupView(); } If the...
CVE-2016-5207
In Blink in Google Chrome prior to 55.0.2883.75 for Mac, Windows and Linux, and 55.0.2883.84 for Android, corruption of the DOM tree could occur during the removal of a full screen element, which allowed a remote attacker to achieve arbitrary code execution via a crafted HTML page...