Security Advisory

CVE-2016-5128

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2016-07-23 19:00:00

Last updated 2024-08-06 00:53:47

Assigner Chrome

State PUBLISHED

Description

objects.cc in Google V8 before 5.2.361.27, as used in Google Chrome before 52.0.2743.82, does not prevent API interceptors from modifying a store target without setting a property, which allows remote attackers to bypass the Same Origin Policy via a crafted web site.

← Browse all CVEs View on cve.org ↗