Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write method.
References
Configurations
Configuration 1 (hide)
AND |
|
Information
Published : 2014-01-05 12:55
Updated : 2014-01-06 19:32
NVD link : CVE-2012-2899
Mitre link : CVE-2012-2899
JSON object : View
CWE
CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Products Affected
apple
- ipad2
- chrome