Published: 06/12/2015 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The page serializer in Google Chrome prior to 47.0.2526.73 mishandles Mark of the Web (MOTW) comments for URLs containing a "--" sequence, which might allow remote malicious users to inject HTML via a crafted URL, as demonstrated by an initial example.com?-- substring.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google chrome

Synopsis Critical: chromium-browser security update Type/Severity Security Advisory: Critical Topic Updated chromium-browser packages that fix multiple security issues are nowavailable for Red Hat Enterprise Linux 6 SupplementaryRed Hat Product Security has rated this update as having Critical securityimpa ...

Several security issues were fixed in Oxide ...

Several vulnerabilities have been discovered in the chromium web browser CVE-2015-1302 Rub Wu discovered an information leak in the pdfium library CVE-2015-6764 Guang Gong discovered an out-of-bounds read issue in the v8 javascript library CVE-2015-6765 A use-after-free issue was discovered in AppCache CVE-2015-6766 A use-a ...

The page serializer in Google Chrome before 470252673 mishandles Mark of the Web (MOTW) comments for URLs containing a "--" sequence, which might allow remote attackers to inject HTML via a crafted URL, as demonstrated by an initial examplecom?-- substring ...

CWE-20 http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html http://www.ubuntu.com/usn/USN-2825-1 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.html https://code.google.com/p/chromium/issues/detail?id=503217 https://security.gentoo.org/glsa/201603-09 https://codereview.chromium.org/1371323003 http://www.securityfocus.com/bid/78416 http://www.debian.org/security/2015/dsa-3415 http://lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.html http://www.securitytracker.com/id/1034298 https://access.redhat.com/errata/RHSA-2015:2545 https://usn.ubuntu.com/2825-1/https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2015-6784

CVE-2015-6784

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect