Page 545 of 3367 results (0.008 seconds)

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1

Google Chrome before 18.0.1025308 on Android allows remote attackers to obtain cookie information via a crafted application. Google Chrome antes de v18.0.1025308 en Android permite a atacantes remotos obtener información de las cookies a través de una aplicación diseñada. Symbolic links can be used for spoofing Content-Type of local files and this enables malicious Android applications the ability to steal Chrome's cookie file. Version 18.0.1025308 was released to address this vulnerability. • https://www.exploit-db.com/exploits/37794 http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html https://code.google.com/p/chromium/issues/detail?id=141889 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 1

Google Chrome before 18.0.1025308 on Android allows remote attackers to bypass the Same Origin Policy and obtain access to local files via vectors involving a symlink. Google Chrome antes de v18.0.1025308 en Android permite a atacantes remotos evitar la política del mismo origen y obtener acceso a archivos locales a través de vectores relacionados con un enlace simbólico. Chrome for Android's Same-Origin Policy for local files (file: URI) can be bypassed by using symbolic links. It results in theft of Chrome's private files by malicious Android applications. Version 18.0.1025308 was released to address this vulnerability. • https://www.exploit-db.com/exploits/37795 http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html https://code.google.com/p/chromium/issues/detail?id=144866 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 1

Cross-site scripting (XSS) vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script or HTML via an extra in an Intent object, aka "Universal XSS (UXSS)." Una vulnerabilidad de ejecución de comandos en sitios cruzados (XSS) en Google Chrome antes de v18.0.1025308 en Android permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de un 'extra' en un objeto 'Intent'. Se trata de un problema también conocido como "Universal XSS (UXSS)". Chrome for Android suffers from a universal cross site scripting vulnerability via com.android.browser.application_id. Version 18.0.1025308 was released to address this vulnerability. • https://www.exploit-db.com/exploits/37792 http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html https://code.google.com/p/chromium/issues/detail?id=144813 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Cross-application scripting vulnerability in Google Chrome before 18.0.1025308 on Android allows remote attackers to inject arbitrary web script via unspecified vectors, as demonstrated by "Universal XSS (UXSS)" attacks against the current tab. Una vulnerabilidad de ejecución de scripts entre aplicaciones en Google Chrome antes de v18.0.1025308 para Android permite a atacantes remotos inyectar secuencias de comandos web a través de vectores no especificados, como se demostró con ataques "Universal XSS (UXSS)" contra la pestaña actual. • http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html https://code.google.com/p/chromium/issues/detail?id=138035 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

Google Chrome before 18.0.1025308 on Android does not properly restrict access to file: URLs, which allows remote attackers to obtain sensitive information via unspecified vectors, as demonstrated by obtaining credential data, a different vulnerability than CVE-2012-4906. Google Chrome antes de v18.0.1025308 en Android no restringe correctamente el acceso a URLs "file:", lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados, comoha quedado demostrado mediante la obtención de datos de credenciales. Se trata de una vulnerabilidad diferente a CVE-2012-4906a. • http://googlechromereleases.blogspot.com/2012/09/chrome-for-android-update.html https://code.google.com/p/chromium/issues/detail?id=138210 • CWE-264: Permissions, Privileges, and Access Controls •