Cross-site scripting (XSS) vulnerability in the V8ContextNativeHandler::GetModuleSystem function in extensions/renderer/v8_context_native_handler.cc in Google Chrome before 44.0.2403.89 allows remote attackers to inject arbitrary web script or HTML by leveraging the lack of a certain V8 context restriction, aka a Blink "Universal XSS (UXSS)."
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Chrome
Published: 2015-07-23T00:00:00
Updated: 2017-09-20T09:57:01
Reserved: 2015-01-21T00:00:00
Link: CVE-2015-1286
JSON object: View
NVD Information
Status : Modified
Published: 2015-07-23T00:59:15.553
Modified: 2023-11-07T02:24:39.930
Link: CVE-2015-1286
JSON object: View
Redhat Information
No data.
CWE