N/A

The content renderer client in Google Chrome prior to 54.0.2840.85 for Android insufficiently enforced the Same Origin Policy amongst downloaded files, which allowed a remote attacker to access any downloaded file and interact with sites, including those the user was logged into, via a crafted HTML page.

N/A

N/A

Google Chrome 安全漏洞

Google Chrome是美国谷歌（Google）公司开发的一款Web浏览器。 基于Android平台的Google Chrome 54.0.2840.85之前的版本中的content renderer client存在安全漏洞，该漏洞源于在下载文件中程序没有执行同源策略。远程攻击者可借助特制的HTML页面利用该漏洞访问任意下载的文件。

N/A

N/A