CVE-2016-5191

by Fred · 17/12/2016

Bookmark handling in Google Chrome prior to 54.0.2840.59 for Windows, Mac, and Linux; 54.0.2840.85 for Android had insufficient validation of supplied data, which allowed a remote attacker to inject arbitrary scripts or HTML (UXSS) via crafted HTML pages, as demonstrated by an interpretation conflict between userinfo and scheme in an http://javascript:payload@example.com URL.

Date published : 2016-12-17

http://www.securityfocus.com/bid/93528

https://chromereleases.googleblog.com/2016/10/stable-channel-update-for-desktop.html

CVE-2016-5191

Similar

Recent Posts

Categories

CVE-2016-5191

Share this:

Similar

Recent Posts

Categories

Tags