4.3
CVSSv2

CVE-2012-2899

Published: 05/01/2014 Updated: 07/01/2014
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Vulnerability Summary

Google Chrome prior to 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote malicious users to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write method.

Affected Products

Vendor Product Versions
GoogleChrome21.0.1180.0, 21.0.1180.1, 21.0.1180.2, 21.0.1180.31, 21.0.1180.32, 21.0.1180.33, 21.0.1180.34, 21.0.1180.35, 21.0.1180.36, 21.0.1180.37, 21.0.1180.38, 21.0.1180.39, 21.0.1180.41, 21.0.1180.46, 21.0.1180.47, 21.0.1180.48, 21.0.1180.49, 21.0.1180.50, 21.0.1180.51, 21.0.1180.52, 21.0.1180.53, 21.0.1180.54, 21.0.1180.55, 21.0.1180.56, 21.0.1180.57, 21.0.1180.59, 21.0.1180.60, 21.0.1180.61, 21.0.1180.62, 21.0.1180.63, 21.0.1180.64, 21.0.1180.68, 21.0.1180.69, 21.0.1180.70, 21.0.1180.71, 21.0.1180.72, 21.0.1180.73, 21.0.1180.74, 21.0.1180.75, 21.0.1180.76, 21.0.1180.77, 21.0.1180.78, 21.0.1180.79, 21.0.1180.80, 21.0.1180.81