
6898 matches found

CNVD
added 2018/07/25 12:0 a.m. | 2 views

Google Chrome Same Origin Policy Bypass Vulnerability (CNVD-2018-17048)

Google Chrome is a web browser developed by the American company Google. A same-origin policy bypass vulnerability exists in WebAudio in Google Chrome. An attacker can exploit the vulnerability to bypass security restrictions and perform unauthorized operations...

CVSS: 8.8 | AI score: 8.5 | EPSS: 0.00903
Exploits: 0 | References: 1

CNVD
added 2018/07/25 12:0 a.m. | 1 views

Google Chrome Same Origin Policy Bypass Vulnerability (CNVD-2018-17051)

Google Chrome is a web browser developed by the American company Google. A same-origin policy bypass vulnerability exists in ServiceWorker in Google Chrome. An attacker can exploit the vulnerability to bypass security restrictions and perform unauthorized operations...

CVSS: 6.5 | AI score: 7.1 | EPSS: 0.01663
Exploits: 0 | References: 1

CNVD
added 2018/07/25 12:0 a.m. | 2 views

Google Chrome extension installation privilege bypass vulnerability

Google Chrome is a web browser developed by Google, Inc. Extension installation is one of its plug-in installation programs. A security vulnerability exists in extension installation in Google Chrome versions prior to 68.0.3440.75. A remote attacker can exploit this vulnerability to bypass the...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.0135
Exploits: 0 | References: 1

CNVD
added 2018/07/25 12:0 a.m. | 3 views

Google Chrome Blink CORS Bypass Vulnerability

Google Chrome is a web browser developed by Google Inc. Blink is a browser layout (rendering) engine jointly developed by Google Inc. and Opera Software of Norway. A security vulnerability exists in Blink in Google Chrome versions prior to 68.0.3440.75. The vulnerability can be exploited by ...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.00787
Exploits: 0 | References: 1

OpenVAS
added 2018/07/25 12:0 a.m. | 56 views

Debian: Security Advisory (DSA-4256-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS: 9.6 | AI score: 7 | EPSS: 0.03296
Exploits: 0 | References: 4

RedHat Linux
added 2018/07/24 9:37 p.m. | 3 views

Mozilla: CSRF attacks through 307 redirects and NPAPI plugins

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird 60,...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.01733
Exploits: 0 | References: 5

FreeBSD
added 2018/07/24 12:0 a.m. | 42 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 42 security fixes in this release, including: 850350 High CVE-2018-6153: Stack buffer overflow in Skia. Reported by Zhen Zhou of NSFOCUS Security Team on 2018-06-07 848914 High CVE-2018-6154: Heap buffer overflow in WebGL. Reported by Omair on 2018-06-01 842265 Hig...

CVSS: 9.6 | AI score: 8.6 | EPSS: 0.03296
Exploits: 0 | References: 1

Google Chrome Security Advisories
added 2018/07/24 12:0 a.m. | 53 views

Stable Channel Update for Desktop

The Chrome team is delighted to announce the promotion of Chrome 68 to the stable channel for Windows, Mac and Linux. This will roll out over the coming days/weeks. Chrome 68.0.3440.75 contains a number of fixes and improvements -- a list of changes is available in the log. Watch out for upcoming...

CVSS: 9.6 | AI score: 8.7 | EPSS: 0.03296
Exploits: 0 | Affected Software: 1

Hacker One
added 2018/07/13 10:22 a.m. | 83 views

Shopify: Preview bar: Incomplete message origin validation results in XSS

The JavaScript code at https://cdn.shopify.com/s/assets/storefront/bars/previewbarinjector-73a4756a265c637c998799750759ae548e7f68b136e8e93e83132904afc3d30d.js loaded by the shop front when a theme is previewed installs a message event listener. The following check is used to reject invalid event...

AI score: 5.9
Exploits: 0

ThreatPost
added 2018/07/12 3:37 p.m. | 9 views

Chrome Now Features Site Isolation to Defend Against Spectre

Google introduced new security mitigations for its Chrome browser to defend against recently discovered Spectre variants. The new security feature, called site isolation, essentially isolates different browser work processes between various browser tabs. That means one tab’s webpage rendering and...

AI score: 0.9
Exploits: 0 | References: 6

Tenable Nessus
added 2018/07/11 12:0 a.m. | 37 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Firefox regressions (USN-3705-2)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3705-2 advisory. USN-3705-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize...

AI score: 5.6
Exploits: 0 | References: 1

OSV
added 2018/07/10 4:6 p.m. | 2 views

USN-3705-2 firefox regressions

USN-3705-1 fixed vulnerabilities in Firefox. The update introduced various minor regressions. This update fixes the problems. We apologize for the inconvenience. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafte...

AI score: 6
Exploits: 0 | References: 2

Kitploit
added 2018/07/06 1:47 p.m. | 33 views

DNS Rebind Toolkit - A Front-End JavaScript Toolkit For Creating DNS Rebinding Attacks

DNS Rebind Toolkit is a frontend JavaScript framework for developing DNS Rebinding exploits against vulnerable hosts and services on a local area network (LAN). It can be used to target devices like Google Home, Roku, Sonos WiFi speakers, WiFi routers, "smart" thermostats, and other IoT devices. Wi...

AI score: 7
Exploits: 0 | References: 8

OpenVAS
added 2018/07/06 12:0 a.m. | 36 views

Ubuntu: Security Advisory (USN-3705-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.04647
Exploits: 2 | References: 2

Tenable Nessus
added 2018/07/06 12:0 a.m. | 54 views

Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS : Firefox vulnerabilities (USN-3705-1)

The remote Ubuntu 14.04 LTS / 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-3705-1 advisory. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacke...

CVSS: 9.8 | AI score: 7.8 | EPSS: 0.04647
Exploits: 2 | References: 18

Ubuntu
added 2018/07/05 9:33 p.m. | 62 views

USN-3705-1: Firefox vulnerabilities

Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, read uninitialized memory, bypass same-origin restrictions, bypass CORS restrictions, bypass CSRF...

CVSS: 9.8 | AI score: 7.3 | EPSS: 0.04647
Exploits: 2

Tenable Nessus
added 2018/07/03 12:0 a.m. | 21 views

EulerOS 2.0 SP3 : firefox (EulerOS-SA-2018-1189)

According to the versions of the firefox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An out of bounds write flaw was found in the processing of vorbis audio data. A maliciously crafted file or audio stream could cause the...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.21288
Exploits: 4 | References: 12

RedHat Linux
added 2018/06/28 4:23 p.m. | 3 views

Mozilla: CSRF attacks through 307 redirects and NPAPI plugins

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird 60,...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.01733
Exploits: 0 | References: 5

RedHat Linux
added 2018/06/28 4:23 p.m. | 3 views

Mozilla: CSRF attacks through 307 redirects and NPAPI plugins

NPAPI plugins, such as Adobe Flash, can send non-simple cross-origin requests, bypassing CORS by making a same-origin POST that does a 307 redirect to the target site. This allows for a malicious site to engage in cross-site request forgery (CSRF) attacks. This vulnerability affects Thunderbird 60,...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.01733
Exploits: 0 | References: 5

CNVD
added 2018/06/27 12:0 a.m. | 2 views

Mozilla Firefox Same-Origin Policy Bypass Vulnerability (CNVD-2018-14984)

Mozilla Firefox is an open source web browser developed by the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla Firefox prior to version 61. A remote attacker could exploit this vulnerability by tricking users into visiting a specially crafted website to bypass...

CVSS: 4.3 | AI score: 6.7 | EPSS: 0.01274
Exploits: 0 | References: 1