Ubuntu Security Notice USN-2652-1

Discussion in 'News Aggregator' started by Packet Storm, 1 Jul 2015.

  1. Packet Storm

    Packet Storm Guest

    Ubuntu Security Notice 2652-1 - It was discovered that Chromium did not properly consider the scheme when determining whether a URL is associated with a WebUI SiteInstance. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass security restrictions. It was discovered that Blink did not properly restrict the creation context during creation of a DOM wrapper. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to bypass same-origin restrictions. Various other issues were also addressed.

    Continue reading...
     

Share This Page

Loading...