CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

10 matches found

UbuntuCve•added 2016/05/31 12:0 a.m.•24 views

CVE-2016-1675

Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy by leveraging the mishandling of Document reattachment during destruction, related to FrameLoader.cpp and LocalFrame.cpp...

8.8CVSS7.2AI score0.01534EPSS

Exploits1References3

Prion•added 2016/02/14 2:59 a.m.•25 views

Design/Logic Flaw

The DOM implementation in Google Chrome before 48.0.2564.109 does not properly restrict frame-attach operations from occurring during or after frame-detach operations, which allows remote attackers to bypass the Same Origin Policy via a crafted web site, related to FrameLoader.cpp,...

6.8CVSS6.5AI score0.01179EPSS

Exploits1References11Affected Software3

UbuntuCve•added 2016/02/13 12:0 a.m.•27 views

CVE-2016-1623

8.8CVSS7.2AI score0.01179EPSS

Exploits1References2

BDU FSTEC•added 2015/07/31 12:0 a.m.•4 views

The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure.

The vulnerability of the LocalFrame::isURLAllowed function core/frame/LocalFrame.cpp in the Google Chrome browser component exists due to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to trigger a service failure by using a specially crafted Java scrip...

7.5CVSS7.7AI score0.02171EPSS

Exploits0References4Affected Software1

RedHat Linux•added 2015/07/27 9:8 a.m.•2 views

chromium-browser: Use-after-free in blink.

The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service invalid count value and use-after-free or possibly...

7.5CVSS7.6AI score0.02171EPSS

Exploits0References5