Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The protocolIs function in platform/KURLGoogle.cpp in WebCore in WebKit before r55822, as used in Google Chrome before 4.1.249.1036 and Flock Browser 3.x before 3.0.0.4112, does not properly handle whitespace at the beginning of a URL, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted javascript: URL, as demonstrated by a \x00javascript:alert sequence.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Google Chrome WebKit跨站脚本攻击漏洞
Vulnerability Description
WebKit是KDE、苹果(Apple)、谷歌(Google)等公司共同开发的一套开源Web浏览器引擎,目前被Apple Safari及Google Chrome等浏览器使用。 Google Chrome 4.1.249.1036之前版本和Flock Browser 3.0.0.4112之前的3.x版本中使用的WebKit r55822之前版本的WebCore的platform/KURLGoogle.cpp中的protocolIs函数没有正确处理URL开端的空白。远程攻击者可借助特制的javascript
CVSS Information
N/A
Vulnerability Type
N/A