Release date:
Updated on:
Affected Systems:
Google Chrome 18.0.1025.162
WebKit Open Source Project WebKit r82222
WebKit Open Source Project WebKit r77705
WebKit Open Source Project WebKit r52833
WebKit Open Source Project WebKit r52401
WebKit Open Source Project WebKit r51295
WebKit Open Source Project WebKit r38566
WebKit Open Source Project WebKit 1.2.X
WebKit Open Source Project WebKit 1.2.5
WebKit Open Source Project WebKit 1.2.3
WebKit Open Source Project WebKit 1.2.2-1
WebKit Open Source Project WebKit 1.2.2
Description:
--------------------------------------------------------------------------------
Bugtraq id: 53762
WebKit is an open-source browser engine with Gecko (the typographical engine used by Mozilla Firefox) and Trident (also known as MSHTML, the typographical engine used by IE ). WebKit is also the name of the Apple Mac OS x System engine Framework version. It is mainly used in Safari, Dashboard, Mail, and other Mac OS X programs.
The WebKit used in Chrome 18 beta has a Security Restriction Bypass Vulnerability. Attackers can exploit this vulnerability to bypass the security restriction of cross-site scripting, attackers can execute arbitrary script code and steal Cookie authentication creden.
<* Source: k3170makan
Link: http://code.google.com/p/chromium/issues/detail? Id = 130594
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!
<Script>/* // */alert (1); </script>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
WebKit Open Source Project
--------------------------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://webkit.org/