The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with a plugin.
References
Configurations
History
No history.
Information
Published : 2015-12-06 01:59
Updated : 2025-04-12 10:46
NVD link : CVE-2015-6772
Mitre link : CVE-2015-6772
CVE.ORG link : CVE-2015-6772
JSON object : View
Products Affected
- chrome
CWE
CWE-264
Permissions, Privileges, and Access Controls