proudly powered by 3dfxzone.it |
News | Headlines | Ricerca |
|
Google Chrome 3.0.195.21 Final |
We would like to extend special thanks to Will Dormann of CERT for working with us to improve the security of the new audio and video codecs in this release. CVE-2009-XXXX Content-Type: application/rss+xml being rendered as active content Previously, we rendered RSS and Atom feeds as XML. Because most other browsers render these documents with dedicated feed previewers, some web sites do not sanitize their feeds for active content, such as More info: http://code.google.com/p/chromium/issues/detail?id=21238 Severity: Medium. Most web sites are not affected because they do not include untrusted content in RSS or Atom feeds. Credit: Inferno of SecureThoughts.com Mitigations:
CVE-2009-XXXX Same Origin Policy Bypass via getSVGDocument() method The getSVGDocument method was lacking an access check, resulting in a cross-origin JavaScript capability leak. A malicious web site operator could use the leaked capability to inject JavaScript into a target web site hosting an SVG document, bypassing the same-origin policy. More info: http://code.google.com/p/chromium/issues/detail?id=21338 Severity: High Credit: Isaac Dawson Mitigations:
|
Descrizione | Download |
Dimensione: N/A | Annuncio |
Tipo: Applicazione | Altre Applicazioni |
Versione per desktop di nvidiazone.it
Copyright 2024 - nvidiazone.it - E' vietata la riproduzione del contenuto informativo e grafico. Note Legali. Privacy