Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Vigil@nce - Google Chrome, Chromium: bypass of anti XSS filter

August 2015 by Vigil@nce

This bulletin was written by Vigil@nce : http://vigilance.fr/offer

SYNTHESIS OF THE VULNERABILITY

An attacker can bypass the anti-XSS filter of Google Chrome and
Chromium, in order to run code in the Web site’s context.

Impacted products: Chrome, Opera.

Severity: 2/4.

Creation date: 25/06/2015.

DESCRIPTION OF THE VULNERABILITY

The Google Chrome and Chromium products include a filter against
XSS attacks.

However, one can make the filter accept a script in an SVG image
when the script match a regular expression used by the filter.

These vulnerability may be one of those mentioned in
VIGILANCE-VUL-17212.

An attacker can therefore bypass the anti-XSS filter of Google
Chrome and Chromium, in order to run JavaScript code in the Web
site’s context.

ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN

http://vigilance.fr/vulnerability/Google-Chrome-Chromium-bypass-of-anti-XSS-filter-17238


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts