PT-2014-2257 · Google · Google Chrome
Łukasz Pilorz
·
Publicado
2014-01-05
·
Atualizado
2014-01-07
·
CVE-2012-2899
CVSS v2.0
4.3
Média
| Vetor | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 21.0.1180.82 on iOS
Description
The issue allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks. This is achieved through certain incorrect calls to WebView methods that trigger the use of an
applewebdata: URL, involving vectors with the document.write method.Recommendations
For Google Chrome versions prior to 21.0.1180.82 on iOS, update to version 21.0.1180.82 or later to resolve the issue.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Google Chrome