Making URLs clickable and allowing them to be styled in DevTools in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Chrome | * | 66.0.3359.117 (excluding) | |
Red Hat Enterprise Linux 6 Supplementary | RedHat | chromium-browser-0:66.0.3359.117-1.el6_9 | * |
Chromium-browser | Ubuntu | artful | * |
Chromium-browser | Ubuntu | bionic | * |
Chromium-browser | Ubuntu | cosmic | * |
Chromium-browser | Ubuntu | devel | * |
Chromium-browser | Ubuntu | trusty | * |
Chromium-browser | Ubuntu | upstream | * |
Chromium-browser | Ubuntu | xenial | * |
Oxide-qt | Ubuntu | artful | * |
Oxide-qt | Ubuntu | esm-infra/xenial | * |
Oxide-qt | Ubuntu | trusty | * |
Oxide-qt | Ubuntu | xenial | * |