The NavigationScheduler::schedulePageBlock function in core/loader/NavigationScheduler.cpp in Blink, as used in Google Chrome prior to 38.0.2125.101, does not properly provide substitute data for pages blocked by the XSS auditor, which allows remote malicious users to obtain sensitive information via a crafted web site.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google chrome |
||
redhat enterprise linux desktop supplementary 6.0 |
||
redhat enterprise linux server supplementary 6.0 |
||
redhat enterprise linux workstation supplementary 6.0 |
||
redhat enterprise linux server supplementary eus 6.6.z |