Chrome Universal XSS using an <input type="color"> element (CVE-2016-5208)

VULNERABILITY DETAILS When an input element is removed, the popup is closed during the layout tree detach: void HTMLInputElement::detachLayoutTreeconst AttachContext& context HTMLTextFormControlElement::detachLayoutTreecontext; mneedsToUpdateViewValue = true; minputTypeView-closePopupView; If the...

CVE-2016-5208

Blink in Google Chrome prior to 55.0.2883.75 for Linux and Windows, and 55.0.2883.84 for Android allowed possible corruption of the DOM tree during synchronous event handling, which allowed a remote attacker to inject arbitrary scripts or HTML UXSS via a crafted HTML page...