Google Chrome Blink Same-Origin Policy Bypass Vulnerability (CNVD-2015-05805)

Google Chrome is a WEB-based browser. A vulnerability in the modules/serviceworkers/NavigatorServiceWorker.cpp NavigatorServiceWorker::serviceWorker function in Google Chrome Blink allows remote attackers to construct a malicious WEB page that can trick the user to parse it, which can bypass the...

Google Chrome Blink Denial of Service Vulnerability (CNVD-2015-05799)

Google Chrome is a WEB-based browser. A vulnerability in the ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Google Chrome Blink allows remote attackers to construct a malicious WEB page and trick users into parsing it, which can bypass the same-origin policy and execut...

Google Chrome DOM Homology Bypass Vulnerability

Google Chrome is a WEB-based browser. A vulnerability in the Google Chrome Blink implementation allows remote attackers to construct malicious WEB pages that can be tricked into parsing by users, which can bypass the same-origin policy and execute special script code...

CVE-2015-1293

The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

CVE-2015-1292

The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker...

Design/Logic Flaw

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service DOM tree corruption via a web...

Design/Logic Flaw

The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

Design/Logic Flaw

The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker...

CVE-2015-1291

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service DOM tree corruption via a web...

CVE-2015-1292

The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy by accessing a Service Worker...

CVE-2015-1291

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service DOM tree corruption via a web...

CVE-2015-1293

CVE-2015-1293: In Blink’s DOM implementation used by Google Chrome prior to 45.0.2454.85, remote attackers could bypass the Same Origin Policy through unspecified vectors. The issue is a DOM-related cross-origin bypass in Chrome/Chromium, addressed by Chrome 45.0.2454.85, with related advisories ...

CVE-2015-1291

CVE-2015-1291 is a concrete Chrome/Blink vulnerability: the ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp fails to validate node types, enabling a remote attacker to bypass same-origin policy or trigger a denial of service (DOM tree corruption) through crafted JavaScript...

CVE-2015-1292

CVE-2015-1292 is a concrete Chrome/Blink vulnerability. The NavigatorServiceWorker::serviceWorker function in modules/serviceworkers/NavigatorServiceWorker.cpp allowed a remote attacker to bypass the Same Origin Policy by accessing a Service Worker, as part of Chrome before 45.0.2454.85. Public d...

CVE-2015-1292

Removed by vendor...

CVE-2015-1291

Removed by vendor...

CVE-2015-1293

Removed by vendor...

CVE-2015-1293

The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

chromium-browser: Cross-origin bypass in DOM

The DOM implementation in Blink, as used in Google Chrome before 45.0.2454.85, allows remote attackers to bypass the Same Origin Policy via unspecified vectors...

chromium-browser: Cross-origin bypass in DOM

The ContainerNode::parserRemoveChild function in core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not check whether a node is expected, which allows remote attackers to bypass the Same Origin Policy or cause a denial of service DOM tree corruption via a web...