CVE-2016-5132 (chrome)

Posted on 2016년 7월 24일2016년 7월 28일 by admin

The Service Workers subsystem in Google Chrome before 52.0.2743.82 does not properly implement the Secure Contexts specification during decisions about whether to control a subframe, which allows remote attackers to bypass the Same Origin Policy via an https IFRAME element inside an http IFRAME element.

Source: CVE-2016-5132 (chrome)

답글 남기기 응답 취소