Back to search
CVE-2015-1261
Published: May 20, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
android/java/src/org/chromium/chrome/browser/WebsiteSettingsPopup.java in Google Chrome before 43.0.2357.65 on Android does not properly restrict use of a URL's fragment identifier during construction of a page-info popup, which allows remote attackers to spoof the URL bar or deliver misleading popup content via crafted text.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://codereview.chromium.org/1056743002
x_refsource_CONFIRM
openSUSE-SU-2015:0969
vendor-advisory
x_refsource_SUSE
https://codereview.chromium.org/1077483002
x_refsource_CONFIRM
openSUSE-SU-2015:1877
vendor-advisory
x_refsource_SUSE
1032375
vdb-entry
x_refsource_SECTRACK
DSA-3267
vendor-advisory
x_refsource_DEBIAN
74723
vdb-entry
x_refsource_BID
https://codereview.chromium.org/1011383005
x_refsource_CONFIRM
https://code.google.com/p/chromium/issues/detail?id=466351
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now