8389 matches found
CVE-2016-1674
Removed by vendor...
CVE-2016-1692
Removed by vendor...
CVE-2016-1676
Removed by vendor...
CVE-2016-1673
Removed by vendor...
chromium-browser: cross-origin bypass in extension bindings
The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors...
chromium-browser: cross-origin bypass in blink
The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScrip...
CVE-2016-1697
The FrameLoader::startLoad function in WebKit/Source/core/loader/FrameLoader.cpp in Blink, as used in Google Chrome before 51.0.2704.79, does not prevent frame navigations during DocumentLoader detach operations, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScrip...
CVE-2016-1696
The extensions subsystem in Google Chrome before 51.0.2704.79 does not properly restrict bindings access, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors...
Google Chrome Same Origin Policy Bypass Vulnerability (CNVD-2016-03781)
Google Chrome is a web browser developed by the American company Google Google. A security vulnerability exists in extensions for Google Chrome versions prior to 51.0.2704.63. A remote attacker can exploit the vulnerability to bypass the same-origin policy...
Google Chrome Blink Same-Origin Policy Bypass Vulnerability (CNVD-2016-03782)
Blink is the United States Google Google Inc. and Norway Opens Opera Software company jointly developed a set of browser layout engine rendering engine. A security vulnerability exists in Blink in versions of Google Chrome prior to 51.0.2704.63. A remote attacker could exploit the vulnerability t...
Google Chrome Same Origin Policy Bypass Vulnerability (CNVD-2016-03778)
Google Chrome is a web browser developed by the American company Google Google. A same-origin policy vulnerability exists in the extended bindings of Google Chrome versions prior to 51.0.2704.63. A remote attacker can exploit this vulnerability to bypass the same-origin policy...
Google Chrome Same Origin Policy Bypass Vulnerability (CNVD-2016-03783)
Google Chrome is a web browser developed by the American company Google Google. A security vulnerability exists in the extended bindings of Google Chrome versions prior to 51.0.2704.63. A remote attacker can exploit the vulnerability to bypass the same-origin policy...
Google Chrome Blink Same-Origin Policy Bypass Vulnerability (CNVD-2016-03780)
Blink is the United States Google Google Inc. and Norway Opens Opera Software company jointly developed a set of browser layout engine rendering engine. An ink same-origin policy bypass vulnerability exists in Blink in versions of Google Chrome prior to 51.0.2704.63. A remote attacker can exploit...
chromium-browser: cross-origin bypass in blink
Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Same Origin Policy via unspecified vectors...
chromium-browser: cross-origin bypass in extension bindings
The ModuleSystem::RequireForJsInner function in extensions/renderer/modulesystem.cc in the extension bindings in Google Chrome before 51.0.2704.63 mishandles properties, which allows remote attackers to conduct bindings-interception attacks and bypass the Same Origin Policy via unspecified vector...
chromium-browser: cross-origin bypass in extension bindings
extensions/renderer/resources/binding.js in the extension bindings in Google Chrome before 51.0.2704.63 does not properly use prototypes, which allows remote attackers to bypass the Same Origin Policy via unspecified vectors...
chromium-browser: limited cross-origin bypass in serviceworker
WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via...
chromium-browser: cross-origin bypass in extensions
The extensions subsystem in Google Chrome before 51.0.2704.63 allows remote attackers to bypass the Same Origin Policy via unspecified vectors...
squid: Header Smuggling issue in HTTP Request processing
An input validation flaw was found in Squid's mimegetheaderfield function, which is used to search for headers within HTTP requests. An attacker could send an HTTP request from the client side with specially crafted header Host header that bypasses same-origin security protections, causing Squid...
squid: Header Smuggling issue in HTTP Request processing
An input validation flaw was found in Squid's mimegetheaderfield function, which is used to search for headers within HTTP requests. An attacker could send an HTTP request from the client side with specially crafted header Host header that bypasses same-origin security protections, causing Squid...