Chrome Universal XSS using deferred history loads (CVE-2016-1675)
VULNERABILITY DETAILS When a ScopedPageLoadDeferrer is destroyed, the deferring state is updated on the associated pages and loaders. If any history of load was set aside during the event loop the deferrer has been protecting, it's processed during the update without checking if navigation is...