Blink, as used in Google Chrome prior to 53.0.2785.89 on Windows and OS X and prior to 53.0.2785.92 on Linux, mishandles deferred page loads, which allows remote malicious users to inject arbitrary web script or HTML via a crafted web site, aka "Universal XSS (UXSS)."
|Vulnerable Product||Search on Vulmon||Subscribe to Product|
Google continued its onslaught of summer Chrome patches Wednesday when it pushed out version 53 of the browser, fixing 33 bugs, half of which were rated “high” severity by the company.
Google paid at least $56,500 in rewards to researchers who discovered vulnerabilities in the browser this time through. The company is still determining how much to award several researchers who found bugs, while two vulnerabilities marked Wednesday were ultimately not applicable to the company’s...