CVE-2015-6772

The DOM implementation in Blink, as used in Google Chrome before 47.0.2526.73, does not prevent javascript: URL navigation while a document is being detached, which allows remote attackers to bypass the Same Origin Policy via crafted JavaScript code that improperly interacts with a plugin.
Configurations

Configuration 1 (hide)

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2015-12-06 01:59

Updated : 2025-04-12 10:46


NVD link : CVE-2015-6772

Mitre link : CVE-2015-6772

CVE.ORG link : CVE-2015-6772


JSON object : View

Products Affected

google

  • chrome
CWE
CWE-264

Permissions, Privileges, and Access Controls