CVE-2012-2899 — Cross-site Scripting in Google Chrome

CWE-79 — Cross-site Scripting2 documents2 sources

Severity

4.3MEDIUMNVD

EPSS

0.1%

top 69.70%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedJan 5

Latest updateMay 17

Description

Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write method.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

▶NVDgoogle/chrome21.0.1180.81+44

🔴Vulnerability Details

GHSA

GHSA-qgwf-3p7g-gqvp: Google Chrome before 21↗2022-05-17

▶