chrome:window.external leaks global object + allows cross origin script access

Follow 0

Basic Fields

SSV ID:: SSV-97108

Find Time:: 2017-02-02

Submit Time:: 2018-01-29

Level:

Category:: 信息泄漏

Component:: Google Chrome

Author:: esprehn

Submitter:: Knownsec

CVE-ID：: Add

CNNVD-ID：: Add

CNVD-ID：: Add

ZoomEye Dork：: Add

Source

https://bugs.chromium.org/p/chromium/issues/detail?id=687844

Detail

Contributor Got 0KB

have 0 exchange

PoC

Unavailable PoC

Reference Linking

https://bugs.chromium.org/p/chromium/issues/detail?id=687844

Solutions

Temp Solutions

Unavailable Temp Solutions

Official Solution

Unavailable Official solution

Defense Solutions

Unavailable Defense Solutions

Unavailable Comments

※Any content provided by this site, only to learn the code and services, not for illegal purposes