The Service Workers subsystem in Google Chrome prior to 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote malicious users to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google chrome |