PT-2014-2257 · Google · Google Chrome
Łukasz Pilorz
·
Published
2014-01-05
·
Updated
2014-01-07
·
CVE-2012-2899
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Google Chrome versions prior to 21.0.1180.82 on iOS
Description
The issue allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks. This is achieved through certain incorrect calls to WebView methods that trigger the use of an
applewebdata: URL, involving vectors with the document.write method.Recommendations
For Google Chrome versions prior to 21.0.1180.82 on iOS, update to version 21.0.1180.82 or later to resolve the issue.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Google Chrome