53 matches found
SUSE CVE-2013-6666
The PepperFlashRendererHost::OnNavigate function in renderer/pepper/pepperflashrendererhost.cc in Google Chrome before 33.0.1750.146 does not verify that all headers are Cross-Origin Resource Sharing CORS simple headers before proceeding with a PPBFlash.Navigate operation, which might allow remot...
Chrome Universal XSS via the interception of |Binding| with Object.prototype.create (CVE-2016-1674)
VULNERABILITY DETAILS The fix for the issue 590118 is insufficient to protect against the bindings interception. While they can't be accessed by triggering accessors on the |modules| object anymore, it's still possible to trap the set operation for |Binding. create| using the Object. prototype...
Chrome Universal XSS using a FrameNavigationDisabler bypass (CVE-2016-1673)
VULNERABILITY DETAILS When a top-level navigation is triggered on a frame displaying the initial empty document, FrameLoader::load is invoked directly: void LocalFrame::navigateDocument& originDocument, const KURL& url, bool replaceCurrentItem, UserGestureStatus userGestureStatus ... if isMainFra...
Chrome Universal XSS using widget updates in ContainerNode::parserRemoveChild (CVE-2016-1630)
VULNERABILITY DETAILS There are 3 methods where ContainerNode::removeBetween is invoked: 1. ContainerNode::removeChild 2. ContainerNode::parserRemoveChild 3. ContainerNode::removeChildren The calls in 1 and 3 are within the scope of HTMLFrameOwnerElement::UpdateSuspendScope, but 2 is unprotected...
Chrome Universal XSS using a flaw in the load deferral logic
VULNERABILITY DETAILS This is a regression from https://crrev.com/f92a1f3b9 . Previously, ResourceLoader::start bailed out if ResourceLoader::mdefersLoading was true. Now, it calls setDefersLoading on the associated WebURLLoader instead: void ResourceLoader::startResourceRequest& request...
Chrome Universal XSS using late widget updates (CVE-2017-5006)
VULNERABILITY DETAILS Among the things that Document::shutdown does, |view-dispose| is called: From /thirdparty/WebKit/Source/core/frame/FrameView.cpp: void FrameView::dispose ... // FIXME: Do we need to do something here for OOPI? HTMLFrameOwnerElement ownerElement = mframe-deprecatedLocalOwner;...
The vulnerability of Adobe Pepper Flash software for Google Chrome allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability in Adobe Pepper Flash for Google Chrome allows attackers to circumvent access restrictions...
The vulnerability of Adobe Pepper Flash software for Google Chrome allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability in Adobe Pepper Flash for Google Chrome allows attackers to circumvent access restrictions...
The vulnerability of Adobe Pepper Flash software for Google Chrome allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability in Adobe Pepper Flash for Google Chrome allows attackers to circumvent access restrictions...
The vulnerability of Adobe Pepper Flash software for Google Chrome allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability in Adobe Pepper Flash for Google Chrome allows attackers to circumvent access restrictions...
The vulnerability of Adobe Pepper Flash software for Google Chrome allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.
Vulnerabilities in Adobe Flash Player, Adobe AIR, Adobe AIR SDK, and Adobe AIR SDK & Compiler allow attackers to circumvent access restrictions...
The vulnerability of Adobe Pepper Flash software for Google Chrome allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability in Adobe Pepper Flash for Google Chrome allows attackers to circumvent domain restriction rules...
The vulnerability of Adobe Pepper Flash software for Google Chrome allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability in Adobe Pepper Flash for Google Chrome allows a malicious individual to execute arbitrary code or trigger a service failure a memory corruption error...
The vulnerability of Adobe Pepper Flash software for Google Chrome allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability exists in Adobe Pepper Flash for Google Chrome, due to the possibility of accessing information related to memory addresses. Exploiting this vulnerability allows an attacker to bypass the ASLR Address Space Layout Randomization protection mechanism...
The vulnerability of Adobe Pepper Flash software for Google Chrome allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability in Adobe Pepper Flash for Google Chrome allows an attacker to execute arbitrary code or cause a service failure a memory corruption error...
The vulnerability of Adobe Pepper Flash software for Google Chrome allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability in Adobe Pepper Flash for Google Chrome allows an attacker to execute arbitrary code or cause a service failure a memory corruption error...
The vulnerability of Adobe Pepper Flash software for Google Chrome allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability exists in Adobe Pepper Flash for Google Chrome, due to the possibility of accessing information related to memory addresses. Exploiting this vulnerability allows an attacker to bypass the ASLR Address Space Layout Randomization protection mechanism...
The vulnerability of Adobe Pepper Flash software for Google Chrome allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability exists in Adobe Pepper Flash for Google Chrome, due to the possibility of accessing information related to memory addresses. Exploiting this vulnerability allows an attacker to bypass the ASLR Address Space Layout Randomization protection mechanism...
The vulnerability of Adobe Pepper Flash software for Google Chrome allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability exists in Adobe Pepper Flash for Google Chrome, due to the possibility of accessing information related to memory addresses. Exploiting this vulnerability allows an attacker to bypass the ASLR Address Space Layout Randomization protection mechanism...
The vulnerability of Adobe Pepper Flash software for Google Chrome allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability exists in Adobe Pepper Flash for Google Chrome, due to the possibility of accessing information related to memory addresses. Exploiting this vulnerability allows attackers to bypass the ASLR Address Space Layout Redirection protection mechanism...