The ContainerNode::parserRemoveChild function in WebKit/Source/core/dom/ContainerNode.cpp in Blink, as used in Google Chrome before 49.0.2623.75, mishandles widget updates, which makes it easier for remote attackers to bypass the Same Origin Policy via a crafted web site.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Chrome | * | 48.0.2564.116 (including) | |
Red Hat Enterprise Linux 6 Supplementary | RedHat | chromium-browser-0:49.0.2623.75-1.el6 | * |
Chromium-browser | Ubuntu | devel | * |
Chromium-browser | Ubuntu | precise | * |
Chromium-browser | Ubuntu | trusty | * |
Chromium-browser | Ubuntu | upstream | * |
Chromium-browser | Ubuntu | wily | * |
Oxide-qt | Ubuntu | devel | * |
Oxide-qt | Ubuntu | trusty | * |
Oxide-qt | Ubuntu | upstream | * |
Oxide-qt | Ubuntu | vivid/stable-phone-overlay | * |
Oxide-qt | Ubuntu | wily | * |