oval:org.mitre.oval:def:12940
Definition Id: oval:org.mitre.oval:def:12940 | |||
Oval ID: | oval:org.mitre.oval:def:12940 | ||
Title: | Google Chrome before 15.0.874.102 allows remote attackers to bypass the Same Origin Policy | ||
Description: | WebKit, as used in Google Chrome before 15.0.874.102 and Android before 4.4, allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors related to (1) the DOMWindow::clear function and use of a selection object, (2) the Object::GetRealNamedPropertyInPrototypeChain function and use of an __proto__ property, (3) the HTMLPlugInImageElement::allowedToLoadFrameURL function and use of a javascript: URL, (4) incorrect origins for XSLT-generated documents in the XSLTProcessor::createDocumentFromSource function, and (5) improper handling of synchronous frame loads in the ScriptController::executeIfJavaScriptURL function. | ||
Family: | windows | Class: | vulnerability |
Reference(s): | CVE-2011-3881 | Version: | 12 |
Platform(s): | Microsoft Windows 2000 Microsoft Windows 7 Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows XP | Product(s): | Google Chrome |
Definition Synopsis: | |||
Definition Id: oval:org.mitre.oval:def:11914 | |||
Oval ID: | oval:org.mitre.oval:def:11914 | ||
Title: | Google Chrome is installed | ||
Description: | Google Chrome is installed | ||
Family: | windows | Class: | inventory |
Reference(s): | cpe:/a:google:chrome | Version: | 20 |
Platform(s): | Microsoft Windows XP Microsoft Windows Server 2003 Microsoft Windows Server 2008 Microsoft Windows Server 2008 R2 Microsoft Windows Vista Microsoft Windows 7 Microsoft Windows 8 Microsoft Windows 8.1 Microsoft Windows Server 2012 Microsoft Windows Server 2012 R2 | Product(s): | Google Chrome |
Definition Synopsis: | |||
Referenced By: | |||
oval:org.mitre.oval:def:12940 |