26 matches found
SUSE CVE-2015-1291
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web...
WebKit: UXSS via ContainerNode::parserRemoveChild
Here's a snippet of ContainerNode::parserRemoveChild. void ContainerNode::parserRemoveChildNode& oldChild disconnectSubframesIfNeededthis, DescendantsOnly; let xml = let p = document.querySelector'p'; let link = p.appendChilddocument.createElement'link'; link.rel = 'stylesheet'; link.href =...
WebKit ContainerNode::parserRemoveChild (2) Universal Cross Site Scripting
WebKit: UXSS via ContainerNode::parserRemoveChild 2 Here's a snippet of ContainerNode::parserRemoveChild. void ContainerNode::parserRemoveChildNode& oldChild disconnectSubframesIfNeededthis, DescendantsOnly; let xml = let p = document.querySelector'p'; let link =...
WebKit - ContainerNode::parserRemoveChild Universal Cross-Site Scripting
WebKit - ContainerNode::parserRemoveChild Universal Cross-Site Scripting let xml = let p = document.querySelector'p'; let link = p.appendChilddocument.createElement'link'; link.rel = 'stylesheet'; link.href = 'data:,aaaaazxczxczzxzcz'; let btn =...
WebKit - ContainerNode::parserRemoveChild Universal Cross-Site Scripting Exploit
Exploit for multiple platform in category dos / poc let xml = let p = document.querySelector'p'; let link = p.appendChilddocument.createElement'link'; link.rel = 'stylesheet'; link.href = 'data:,aaaaazxczxczzxzcz'; let btn = document.body.appendChilddocument.createElement'button'; btn.id = 'btn';...
WebKit Patch #1110 Universal Cross Site Scripting
WebKit: UXSS: the patch of 1110 made another bug Here's the patch of 1110. https://trac.webkit.org/changeset/212218/trunk/Source/WebCore/dom/ContainerNode.cpp void ContainerNode::parserRemoveChildNode& oldChild disconnectSubframesIfNeededthis, DescendantsOnly; d = document.querySelector'div'; p =...
WebKit - 'ContainerNode::parserRemoveChild' Universal Cross-Site Scripting
let xml = let p = document.querySelector'p'; let link = p.appendChilddocument.createElement'link'; link.rel = 'stylesheet'; link.href = 'data:,aaaaazxczxczzxzcz'; let btn = document.body.appendChilddocument.createElement'button'; btn.id = 'btn'; btn.onfocus = = btn.onfocus = null; window.d =...
Chrome Universal XSS using widget updates in ContainerNode::parserRemoveChild (CVE-2016-1630)
VULNERABILITY DETAILS There are 3 methods where ContainerNode::removeBetween is invoked: 1. ContainerNode::removeChild 2. ContainerNode::parserRemoveChild 3. ContainerNode::removeChildren The calls in 1 and 3 are within the scope of HTMLFrameOwnerElement::UpdateSuspendScope, but 2 is unprotected...
The vulnerability of the Google Chrome browser allows a violator to circumvent existing access restriction policies.
The vulnerability of the ContainerNode::parserRemoveChild function in the Blink kernel of the Google Chrome browser is related to deficiencies in access control. Exploiting this vulnerability could allow a malicious actor to bypass existing access control policies by using a specially crafted websi...
Google Chrome Multiple Vulnerabilities (Mar 2016) - Linux
Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:google:chrome"; if(description)...
Design/Logic Flaw
The ContainerNode::parserRemoveChild function in WebKit/Source/core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 49.0.2623.75, mishandles widget updates, which makes it easier for remote attackers to bypass the Same Origin Policy via a crafted web site...
CVE-2016-1630
The ContainerNode::parserRemoveChild function in WebKit/Source/core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 49.0.2623.75, mishandles widget updates, which makes it easier for remote attackers to bypass the Same Origin Policy via a crafted web site...
CVE-2016-1630
Removed by vendor...
CVE-2016-1630
The ContainerNode::parserRemoveChild function in WebKit/Source/core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 49.0.2623.75, mishandles widget updates, which makes it easier for remote attackers to bypass the Same Origin Policy via a crafted web site...
Design/Logic Flaw
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web...
CVE-2015-1291
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web...
CVE-2015-1291
CVE-2015-1291 is a concrete Chrome/Blink vulnerability: the ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp fails to validate node types, enabling a remote attacker to bypass same-origin policy or trigger a denial of service (DOM tree corruption) through crafted JavaScript...
CVE-2015-1291
Removed by vendor...
CVE-2015-1291
The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service (DOM tree corruption) via a web...
The vulnerability of Google Chrome allows a malicious user to circumvent domain restriction rules.
The vulnerability of Google Chrome’s BrowserNode::parserRemoveChild function in core/dom/ContainerNode.cpp, in the HTML handler in Blink, can be exploited by an attacker who operates remotely. This allows them to bypass domain restrictions using a specially crafted HTML document containing an IFRAME...