The extensions subsystem in Google Chrome prior to 53.0.2785.89 on Windows and OS X and prior to 53.0.2785.92 on Linux relies on an IFRAME source URL to identify an associated extension, which allows remote malicious users to conduct extension-bindings injection attacks by leveraging script access to a resource that initially has the about:blank URL.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google chrome |
||
opensuse leap 42.1 |