CVE-2017-15418 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the method property.

CVE-2017-15419 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the source property.

CVE-2017-15420 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the data property.

CVE-2017-15421 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the eventTarget property.

CVE-2017-15422 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the click event.

CVE-2017-15423 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the target property.

CVE-2017-15424 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the data property.

CVE-2017-15425 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the source property.

CVE-2017

What isream of Google Chrome?

Google Chrome is an open-source web browser developed by Google. It was first released in 2008.

A vulnerability was discovered on Google Chrome in Blink, which allowed attackers to inject scripts or HTML into a module via the method property. This vulnerability was used as part of the exploit chain for additional vulnerabilities CVE-2017-15418 through CVE-2017-15425.

^ Cork Rock - CVE 2017

CVE-2017-15418 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the method property.

CVE-2017-15419 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the source property.

CVE-2017-15420 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the data property.

CVE-2017-15421 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the eventTarget property.

CVE-2017-15422 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the click event.

CVE-2017-15423 In Blink, in the Web Inspector, Google Chrome prior to version 66 allowed attackers to inject scripts or HTML into a module via the target property.

New capabilities:

In order to improve security, Google Chrome will be implementing the following new capabilities:

1. A "High" sandbox policy that is enabled by default for all extensions, except for those that specify a different setting;
2. A “Blacklist” of known malicious extensions; and
3. The ability for users to reset their browsing data, including browsing history and Windows credentials.

Timeline

Published on: 04/05/2022 01:15:00 UTC
Last modified on: 08/15/2022 11:15:00 UTC

References