CVE-2015-6790

by Fred · 14/12/2015

The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome before 47.0.2526.80 does not properly use HTML entities, which might allow remote attackers to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string.

Date published : 2015-12-14

http://www.securityfocus.com/bid/78734

http://googlechromereleases.blogspot.com/2015/12/stable-channel-update_8.html

CVE-2015-6790

Similar

Recent Posts

Categories

CVE-2015-6790

Share this:

Similar

Recent Posts

Categories

Tags