6903 matches found
CVE-2016-1711
CVE-2016-1711 is a Same-Origin Policy bypass in Blink used by Google Chrome prior to 52.0.2743.82. The root cause is that WebKit/Blink’s FrameLoader.cpp did not disable frame navigation during a detach operation on a DocumentLoader object, allowing a crafted website to bypass SOP. Public referenc...
CVE-2016-1710
The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
CVE-2016-1710
CVE-2016-1710 affects Google Chrome/Chromium before 52.0.2743.82. The vulnerability is in Blink’s ChromeClientImpl::createWindow, where deferred frames can create windows, allowing remote attackers to bypass the Same Origin Policy via crafted sites. Public reports in multiple advisories (e.g., De...
CVE-2016-5128
CVE-2016-5128 refers to a Same-Origin Policy bypass in the V8 JavaScript engine used by Google Chrome/Chromium. Objects.cc in V8 before 5.2.361.27 allowed API interceptors to modify a store target without setting a property, enabling a crafted website to bypass SOP. Affected products/versions cit...
CVE-2016-5132
Removed by vendor...
CVE-2016-1710
Removed by vendor...
CVE-2016-5128
Removed by vendor...
CVE-2016-1711
Removed by vendor...
CVE-2016-5128
objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
CVE-2016-5132
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME...
CVE-2016-1711
WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
UBUNTU-CVE-2016-1711
WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not disable frame navigation during a detach operation on a DocumentLoader object, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
UBUNTU-CVE-2016-5132
The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME...
UBUNTU-CVE-2016-1710
The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
UBUNTU-CVE-2016-5128
objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
CVE-2016-1710
The ChromeClientImpl::createWindow method in WebKit/Source/web/ChromeClientImpl.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not prevent window creation by a deferred frame, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
CVE-2016-4590
WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
CVE-2016-4590
WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
DEBIAN-CVE-2016-4590
WebKit in Apple iOS before 9.3.3 and Safari before 9.1.2 mishandles about: URLs, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
CVE-2016-4583
WebKit in Apple iOS before 9.3.3, Safari before 9.1.2, and tvOS before 9.2.2 allows remote attackers to bypass the Same Origin Policy and obtain image date from an unintended web site via a timing attack involving an SVG document...