Improper Verification of Communication Channel in @theia/plugin-ext

In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage...

CVE-2021-41038

In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage...

Code injection

In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage...

CVE-2021-41038

In versions of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, Webview contents can be hijacked via postMessage...

CVE-2021-41038

The CVE-2021-41038 entry concerns the @theia/plugin-ext component of Eclipse Theia (pre-1.18.0). The issue is that Webview contents can be hijacked via postMessage(), caused by improper verification of the communication channel. This mode of exploitation could expose or modify Webview content dep...

Eclipse Theia 安全漏洞

Eclipse Theia is the Eclipse Foundation's set of open source IDE frameworks for desktop and web applications based on Visual Studio Code. A security vulnerability exists in the version of the @theia/plugin-ext component of Eclipse Theia prior to 1.18.0, which originates from Webview content that...

Information Disclosure

chromium-browser:bionic is vulnerable to information disclosure. Inappropriate implementation in WebView in Google Chrome on Android allowed a remote attacker to leak cross-origin data via a crafted app...

DEBIAN-CVE-2021-37990

Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app...

CVE-2021-37990

Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app...

CVE-2021-37990

Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app...

Design/Logic Flaw

Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app...

UBUNTU-CVE-2021-37990

Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app...

CVE-2021-37990

CVE-2021-37990 describes an inappropriate implementation in the WebView component of the Chromium browser engine on Android prior to 95.0.4638.54. The issue allows a remote attacker to leak cross-origin data through a crafted Android app, i.e., data exfiltration from cross-origin contexts via Web...

CVE-2021-37990

Inappropriate implementation in WebView in Google Chrome on Android prior to 95.0.4638.54 allowed a remote attacker to leak cross-origin data via a crafted app...

openSUSE 15 Security Update : chromium (openSUSE-SU-2021:1396-1)

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1396-1 advisory. - : Heap buffer overflow in Skia. CVE-2021-37981 - : Use after free in Incognito. CVE-2021-37982 - : Use after free in Dev Tools...

Security update for chromium (important)

openSUSE Security Update: Security update for chromium Announcement ID: openSUSE-SU-2021:1396-1 Rating: important References: 1191844 Cross-References: CVE-2021-37981 CVE-2021-37982 CVE-2021-37983 CVE-2021-37984 CVE-2021-37985 CVE-2021-37986 CVE-2021-37987 CVE-2021-37988 CVE-2021-37989...

Google Chrome Security Update (stable-channel-update-for-desktop_19-2021-10) - Windows

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

Chromium: CVE-2021-37990 Inappropriate implementation in WebView

This CVE was assigned by Chrome. Microsoft Edge Chromium-based ingests Chromium, which addresses this vulnerability. Please see Google Chrome Releases for more information...

Google Chrome WebView improperly implemented vulnerability (CNVD-2021-84807)

Chrome is a web browsing tool developed by Google. versions prior to Google Chrome 95.0.4638.54 are vulnerable to a WebView misimplementation. An attacker could exploit this vulnerability to leak cross-domain data through a crafted application...

FreeBSD : chromium -- multiple vulnerabilities (bdaecfad-3117-11ec-b3b0-3065ec8fd3ec)

Chrome Releases reports : This release contains 19 security fixes, including : - 1246631 High CVE-2021-37981: Heap buffer overflow in Skia. Reported by Yangkang @dnpushme of 360 ATA on 2021-09-04 - 1248661 High CVE-2021-37982: Use after free in Incognito. Reported by Weipeng Jiang @Krace from...