Executive Summary
Summary | |
---|---|
Title | Comodo Chromodo browser with Ad Sanitizer does not enforce same origin policy and is based on an outdated version of Chromium |
Informations | |||
---|---|---|---|
Name | VU#305096 | First vendor Publication | 2016-02-04 |
Vendor | VU-CERT | Last vendor Modification | 2016-02-08 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : | |||
---|---|---|---|
Cvss Base Score | Not Defined | Attack Range | Not Defined |
Cvss Impact Score | Not Defined | Attack Complexity | Not Defined |
Cvss Expoit Score | Not Defined | Authentication | Not Defined |
Calculate full CVSS 2.0 Vectors scores |
Detail
Vulnerability Note VU#305096Comodo Chromodo browser with Ad Sanitizer does not enforce same origin policy and is based on an outdated version of ChromiumOverviewComodo Chromodo browser, version 45.8.12.391, and possibly earlier, bundles the Ad Sanitizer extension, version 1.4.0.26, which disables the same origin policy, allowing for the possibility of cross-domain attacks by malicious or compromised web hosts. Chromodo is based on an outdated release of Chromium with known vulnerabilities. Description
Impact
Solution
Vendor Information (Learn More)
CVSS Metrics (Learn More)
References
CreditThe CERT/CC acknowledges Tavis Ormandy of the Project Zero team at Google for disclosing this issue. This document was written by Joel Land. Other Information
FeedbackIf you have feedback, comments, or additional information about this vulnerability, please send us email. |
Original Source
Url : http://www.kb.cert.org/vuls/id/305096 |
Alert History
Date | Informations |
---|---|
2016-02-08 21:28:49 |
|
2016-02-08 21:24:27 |
|
2016-02-06 00:27:50 |
|
2016-02-06 00:23:18 |
|
2016-02-04 21:30:01 |
|
2016-02-04 21:24:42 |
|