The page serializer in Google Chrome prior to 47.0.2526.73 mishandles Mark of the Web (MOTW) comments for URLs containing a "--" sequence, which might allow remote malicious users to inject HTML via a crafted URL, as demonstrated by an initial example.com?-- substring.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google chrome |