The WebPageSerializerImpl::openTagToString function in WebKit/Source/web/WebPageSerializerImpl.cpp in the page serializer in Google Chrome prior to 47.0.2526.80 does not properly use HTML entities, which might allow remote malicious users to inject arbitrary web script or HTML via a crafted document, as demonstrated by a double-quote character inside a single-quoted string.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google chrome |