Redhat » Enterprise Linux Server Supplementary : Security Vulnerabilities, CVEs, Published In 2015 (XSS)
Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink "Universal XSS (UXSS)."
Max CVSS
4.3
EPSS Score
0.35%
Published
2015-07-23
Updated
2018-10-30
The XSSAuditor::canonicalize function in core/html/parser/XSSAuditor.cpp in the XSS auditor in Blink, as used in Google Chrome before 44.0.2403.89, does not properly choose a truncation point, which makes it easier for remote attackers to obtain sensitive information via an unspecified linear-time attack.
Max CVSS
5.0
EPSS Score
0.37%
Published
2015-07-23
Updated
2018-10-30
2 vulnerabilities found