Google Chrome Blink Information Disclosure Vulnerability

Blink is the United States Google Google Inc. and Norway Opens Opera Software company jointly developed a set of browser layout engine rendering engine. A security vulnerability exists in the 'XSSAuditor::canonicalize' function in the core/html/parser/XSSAuditor.cpp file in the XSS auditor progra...

CVE-2015-1285

The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-tim...

CVE-2015-1285

Removed by vendor...

CVE-2015-1285

The CVE-2015-1285 issue affects the Blink XSS auditor (XSSAuditor.cpp) used by Google Chrome up to version 44.0.2403.89. Root cause: the XSSAuditor::canonicalize function fails to properly select a truncation point, enabling an information leak via an unspecified linear-time attack. Impact: remot...

CVE-2015-1285

The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-tim...

Google Chrome XSSAuditor Policy ByPass

A policy bypass vulnerability exists in Google Chrome. The vulnerability is due to improper handling of script tags within svg tags. A remote attacker can exploit this vulnerability by enticing a user to follow a crafted URL. Successful exploitation will result in bypassing the XSSAuditor feature...

CVE-2013-6656

The XSSAuditor::init function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 33.0.1750.117, processes POST requests by using the body of a redirecting page instead of the body of a redirect target, which allows remote attackers to obtain sensitive...

Google Chrome XSSAuditor Filter Security Policy Bypass

A policy bypass vulnerability exists in Google Chrome. The vulnerability is due a design weakness in Chrome XSSAuditor. By inserting JavaScript in the srcdoc attribute of an IFRAME tag, the Cross-Site Scripting filter can be bypassed. An attacker can exploit this weakness to further facilitate...

CVE-2012-5851

The CVE-2012-5851 issue concerns WebKit’s XSSAuditor.cpp in WebCore, used by Google Chrome (through version 22) and Safari (5.1.7). The root cause is that reflected data output contexts aren’t fully accounted for, enabling bypass of the built-in XSS protection. The listed references (WebKit Bug 9...

Chrome 18 Anti-XSS Bypass

Exploit Title: Chrome 18 anti-XSS bypass Date: 2012-05-31 Author: k3170makan Vendor or Software Link: download link if available Version: 18.0.1025.162 Category:: local Google dork: N/A Tested on: Ubuntu 10.04 Demo site: N/A Chrome 18---and possibly 19--- versions anti-XSS filter or XSSAuditor as...