305 matches found
CVE-2016-1692
WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via...
CVE-2016-1692
Removed by vendor...
CVE-2016-1692
CVE-2016-1692 concerns WebKit/Blink: StyleSheetContents.cpp in Blink, used by Google Chrome prior to 51.0.2704.63, allows a ServiceWorker to cause cross-origin loading of CSS stylesheets even when the stylesheet has an incorrect MIME type. This enables bypassing the Same Origin Policy via a craft...
CVE-2016-1682
The CVE-2016-1682 entry covers a CSP bypass in ServiceWorker registration via Blink/WebKit used by Google Chrome prior to 51.0.2704.63. Affected component is ServiceWorkerContainer::registerServiceWorkerImpl in Blink; root cause is CSP protection bypass during ServiceWorker registration. Impact i...
Security update for Chromium (important)
Chromium was updated to 51.0.2704.79 to fix the following vulnerabilities: - CVE-2016-1696: Cross-origin bypass in Extension bindings - CVE-2016-1697: Cross-origin bypass in Blink - CVE-2016-1698: Information leak in Extension bindings - CVE-2016-1699: Parameter sanitization failure in DevTools -...
Google Chrome ServiceWorker Policy Bypass Vulnerability
Google Chrome is a popular web browser. A security vulnerability in Google Chrome ServiceWorker allows remote attackers to exploit the vulnerability to build malicious WEB pages that trick users into parsing, which can bypass CSP policies...
Unspecified Vulnerability in Google Chrome ServiceWorker
Google Chrome is a popular web browser. An unspecified vulnerability exists in Google Chrome ServiceWorker, which allows remote attackers to exploit the vulnerability to build malicious WEB pages and trick users into parsing them for attacks...
UBUNTU-CVE-2016-1682
The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy CSP protection mechanism via a ServiceWorker...
CVE-2016-1692
WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via...
CVE-2016-1682
The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy CSP protection mechanism via a ServiceWorker...
Researcher Pockets $30,000 in Chrome Bounties
Security researcher Mariusz Mlynski is having a good month. Having cashed in earlier in May to the tune of $15,500, Mlynski pocketed another $30,000 courtesy of Google’s bug bounty program after four high-severity vulnerabilities were patched in the Chrome browser, each worth $7,500 to the...
CVE-2016-1692
WebKit/Source/core/css/StyleSheetContents.cpp in Blink, as used in Google Chrome before 51.0.2704.63, permits cross-origin loading of CSS stylesheets by a ServiceWorker even when the stylesheet download has an incorrect MIME type, which allows remote attackers to bypass the Same Origin Policy via...
CVE-2016-1682
The ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink, as used in Google Chrome before 51.0.2704.63, allows remote attackers to bypass the Content Security Policy CSP protection mechanism via a ServiceWorker...
KLA10816 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, obtain sensitive information or conduct another unknown impact. Below is a complete list of vulnerabilities: 1. Multiple...
Google Chrome < 49.0.2623.75 Multiple Vulnerabilities
Binary data 9202.pasl...
CVE-2016-2845
The Content Security Policy CSP implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation report...
Path traversal
The Content Security Policy CSP implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation report...
CVE-2016-2845
The Content Security Policy CSP implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation report...
CVE-2016-2845
Removed by vendor...
The vulnerability of Google Chrome browser allows a perpetrator to trigger a service failure.
The vulnerability of Google Chrome’s ServiceWorker implementation relates to the use of memory after it is freed. Exploiting this vulnerability could allow a malicious actor to cause a service failure...