CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

EPSS: 0.004 Low (Percentile: 72.4%)

The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in
the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89,
does not properly choose a truncation point, which makes it easier for
remote attackers to obtain sensitive information via an unspecified
linear-time attack.

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | chromium-browser | < 44.0.2403.89-0ubuntu0.14.04.1.1095 | UNKNOWN |
ubuntu | 15.04 | noarch | chromium-browser | < 44.0.2403.89-0ubuntu0.15.04.1.1177 | UNKNOWN |
ubuntu | 15.10 | noarch | chromium-browser | < 44.0.2403.89-0ubuntu1.1195 | UNKNOWN |
ubuntu | 14.04 | noarch | oxide-qt | < 1.8.4-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 15.04 | noarch | oxide-qt | < 1.8.4-0ubuntu0.15.04.1 | UNKNOWN |
ubuntu | 15.10 | noarch | oxide-qt | < 1.8.4-0ubuntu1 | UNKNOWN |