Lucene search
+L

305 matches found

cvelist
cvelist
added 2016/06/05 11:0 p.m.29 views

CVE-2016-1692

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via...

6.1AI score0.01127EPSS
Exploits0References12
debiancve
debiancve
added 2016/06/05 11:0 p.m.42 views

CVE-2016-1692

Removed by vendor...

5.3CVSS7.6AI score0.01127EPSS
Exploits0
cve
cve
added 2016/06/05 11:0 p.m.92 views

CVE-2016-1692

CVE-2016-1692 concerns WebKit/Blink: StyleSheetContents.cpp in Blink, used by Google Chrome prior to 51.0.2704.63, allows a ServiceWorker to cause cross-origin loading of CSS stylesheets even when the stylesheet has an incorrect MIME type. This enables bypassing the Same Origin Policy via a craft...

5.3CVSS5.9AI score0.01127EPSS
Exploits0References12Affected Software8
cve
cve
added 2016/06/05 11:0 p.m.95 views

CVE-2016-1682

The CVE-2016-1682 entry covers a CSP bypass in ServiceWorker registration via Blink/WebKit used by Google Chrome prior to 51.0.2704.63. Affected component is ServiceWorkerContainer::registerServiceWorkerImpl in Blink; root cause is CSP protection bypass during ServiceWorker registration. Impact i...

6.1CVSS6.6AI score0.0111EPSS
Exploits0References12Affected Software1
opensuse
opensuse
added 2016/06/05 4:7 p.m.48 views

Security update for Chromium (important)

Chromium was updated to 51.0.2704.79 to fix the following vulnerabilities: - CVE-2016-1696: Cross-origin bypass in Extension bindings - CVE-2016-1697: Cross-origin bypass in Blink - CVE-2016-1698: Information leak in Extension bindings - CVE-2016-1699: Parameter sanitization failure in DevTools -...

6.8CVSS1.4AI score0.03094EPSS
Exploits7References2
cnvd
cnvd
added 2016/06/05 12:0 a.m.6 views

Google Chrome ServiceWorker Policy Bypass Vulnerability

Google Chrome is a popular web browser. A security vulnerability in Google Chrome ServiceWorker allows remote attackers to exploit the vulnerability to build malicious WEB pages that trick users into parsing, which can bypass CSP policies...

6.1CVSS8.9AI score0.0111EPSS
Exploits0References1
cnvd
cnvd
added 2016/06/05 12:0 a.m.7 views

Unspecified Vulnerability in Google Chrome ServiceWorker

Google Chrome is a popular web browser. An unspecified vulnerability exists in Google Chrome ServiceWorker, which allows remote attackers to exploit the vulnerability to build malicious WEB pages and trick users into parsing them for attacks...

5.3CVSS8.9AI score0.01127EPSS
Exploits0References1
osv
osv
added 2016/05/31 12:0 a.m.5 views

UBUNTU-CVE-2016-1682

The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy CSP protection mechanism via a ServiceWorker...

6.1CVSS7.3AI score0.0111EPSS
Exploits0References4
ubuntucve
ubuntucve
added 2016/05/31 12:0 a.m.19 views

CVE-2016-1692

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via...

5.3CVSS6.9AI score0.01127EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2016/05/31 12:0 a.m.23 views

CVE-2016-1682

The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy CSP protection mechanism via a ServiceWorker...

6.1CVSS6.9AI score0.0111EPSS
Exploits0References3
threatpost
threatpost
added 2016/05/27 7:0 a.m.38 views

Researcher Pockets $30,000 in Chrome Bounties

Security researcher Mariusz Mlynski is having a good month. Having cashed in earlier in May to the tune of $15,500, Mlynski pocketed another $30,000 courtesy of Google’s bug bounty program after four high-severity vulnerabilities were patched in the Chrome browser, each worth $7,500 to the...

6.8CVSS8.9AI score0.03094EPSS
Exploits6References24
redhatcve
redhatcve
added 2016/05/26 10:50 a.m.24 views

CVE-2016-1692

WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via...

5.3CVSS4.9AI score0.01127EPSS
Exploits0References2
redhatcve
redhatcve
added 2016/05/26 10:48 a.m.21 views

CVE-2016-1682

The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy CSP protection mechanism via a ServiceWorker...

6.1CVSS6.1AI score0.0111EPSS
Exploits0References2
kaspersky
kaspersky
added 2016/05/25 12:0 a.m.51 views

KLA10816 Multiple vulnerabilities in Google Chrome

Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, obtain sensitive information or conduct another unknown impact. Below is a complete list of vulnerabilities: 1. Multiple...

8.8CVSS8.8AI score0.03094EPSS
Exploits4References3
nessus
nessus
added 2016/04/05 12:0 a.m.34 views

Google Chrome < 49.0.2623.75 Multiple Vulnerabilities

Binary data 9202.pasl...

8.8CVSS7.4AI score0.01068EPSS
Exploits1References2
osv
osv
added 2016/03/06 2:59 a.m.5 views

CVE-2016-2845

The Content Security Policy CSP implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation report...

5.3CVSS7.3AI score0.02223EPSS
Exploits0References8
prion
prion
added 2016/03/06 2:59 a.m.15 views

Path traversal

The Content Security Policy CSP implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation report...

5CVSS6.1AI score0.02223EPSS
Exploits0References8Affected Software1
cvelist
cvelist
added 2016/03/06 2:0 a.m.26 views

CVE-2016-2845

The Content Security Policy CSP implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation report...

6.5AI score0.02223EPSS
Exploits0References8
debiancve
debiancve
added 2016/03/06 2:0 a.m.43 views

CVE-2016-2845

Removed by vendor...

5.3CVSS7.4AI score0.02223EPSS
Exploits0
bdu_fstec
bdu_fstec
added 2015/10/29 12:0 a.m.6 views

The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure.

The vulnerability of Google Chrome’s ServiceWorker implementation relates to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to cause a service failure...

7.5CVSS7.7AI score0.01659EPSS
Exploits0References4Affected Software1
Rows per page
Query Builder