6903 matches found
Fast Browser Vulnerability
KChrome, derived from Google's open source project Chromium and compatible with IE, is a browser with dual kernels of Webkit and IE. Thanks to the high performance of Webkit, you will be faster when browsing the web in normal times. A design vulnerability exists in Crypto Browser that allows...
Adobe Reader and Acrobat Security Bypass (APSB16-26 : CVE-2016-4215)
This vulnerability is an instance of same-origin policy violation. An attacker can exploit this vulnerability by enticing a user to open a maliciously crafted PDF file. Successful exploitation can trick embedded JavaScript code to run in the wrong context, potentially leading to a security bypass...
Google Chrome Blink Same-Origin Policy Bypass Vulnerability (CNVD-2016-05520)
Blink is the United States Google Google Inc. and Norway Opens Opera Software company jointly developed a set of browser layout engine rendering engine. A same-origin policy bypass vulnerability exists in the 'ChromeClientImpl::createWindow' method in the WebKit/Source/web/ChromeClientImpl.cpp fi...
FreeBSD : chromium -- multiple vulnerabilities (6fae9fe1-5048-11e6-8aa7-3065ec8fd3ec)
Google Chrome Releases reports : 48 security fixes in this release, including : - 610600 High CVE-2016-1706: Sandbox escape in PPAPI. Credit to Pinkie Pie xisigr of Tencent's Xuanwu Lab - 613949 High CVE-2016-1708: Use-after-free in Extensions. Credit to Adam Varsan - 614934 High CVE-2016-1709:...
DLA-558-1 squid - security update
Bulletin has no description...
CVE-2016-5132
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME...
CVE-2016-5132
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME...
CVE-2016-5128
objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
CVE-2016-5128
objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
CVE-2016-1711
WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
CVE-2016-1711
WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
CVE-2016-1710
The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
CVE-2016-1710
The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
Design/Logic Flaw
objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
Design/Logic Flaw
WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
Design/Logic Flaw
The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
Design/Logic Flaw
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME...
CVE-2016-5128
Removed by vendor...
CVE-2016-1711
Removed by vendor...
CVE-2016-5132
Removed by vendor...