6903 matches found
Input validation
The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
CVE-2016-1667
The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a...
CVE-2016-1668
CVE-2016-1668 concerns a cross-origin bypass in the V8 bindings to Blink/WebKit via the forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h. Affected software is Google Chrome prior to 50.0.2661.102, with the impact described as bypassing the Same Origin Policy through a craft...
CVE-2016-1668
The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
CVE-2016-1667
CVE-2016-1667 describes a cross-origin bypass in the DOM implementation of Blink/WebKit used by Google Chrome before 50.0.2661.102. The vulnerability stems from the TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp, which failed to prevent script execution during node adop...
CVE-2016-1668
Removed by vendor...
CVE-2016-1667
Removed by vendor...
chromium-browser: same origin bypass in blink v8 bindings
The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
chromium-browser: same origin bypass in dom
The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a...
CVE-2016-1667
The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a...
CVE-2016-1668
The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
UBUNTU-CVE-2016-1667
The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a...
Google Chrome < 50.0.2661.102 Multiple Vulnerabilities
The version of Google Chrome installed on the remote Windows host is prior to 50.0.2661.102. It is, therefore, affected by multiple vulnerabilities as referenced in the 201605stable-channel-update advisory. - The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrom...
Google Chrome < 50.0.2661.102 Multiple Vulnerabilities
The version of Google Chrome installed on the remote macOS host is prior to 50.0.2661.102. It is, therefore, affected by multiple vulnerabilities as referenced in the 201605stable-channel-update advisory. - The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome...
UBUNTU-CVE-2016-1668
The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
5 Vulnerabilities Fixed In Chrome Browser, Google Pays $20K to Bug Hunters
Google is urging Windows, Mac and Linux users to update their Chrome browser to fix five security holes – two which rate as high severity. Google warned users of the vulnerabilities Wednesday as it released a new version, 50.0.2661.102, of the browser. The Chrome security holes were found by four...
Pornhub: Same-Origin Method Execution bug in plupload.flash.swf on /insights
The researcher discovered a Same-Origin Method Execution SOME vulnerability on Pornhub's Insights blog. An insecure URL sanitization process was performed in the file plupload.flash.swf. The code in the file attempts to remove flashVars in case they have been set GET parameters but fails to do so...
CVE-2016-1667
The TreeScope::adoptIfNeeded function in WebKit/Source/core/dom/TreeScope.cpp in the DOM implementation in Blink, as used in Google Chrome before 50.0.2661.102, does not prevent script execution during node-adoption operations, which allows remote attackers to bypass the Same Origin Policy via a...
CVE-2016-1668
The forEachForBinding function in WebKit/Source/bindings/core/v8/Iterable.h in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.102, uses an improper creation context, which allows remote attackers to bypass the Same Origin Policy via a crafted web site...
Squid Security Bypass Vulnerability (CNVD-2016-03061)
Squid full name Squid Cache is a suite of proxy server and web caching server software. The software provides features such as caching the World Wide Web, filtering traffic, and proxying the Internet. A security bypass vulnerability exists in the mimeheader.cc file in versions of Squid prior to...