chrome: UXSS in...

Published: 2025-04-13
Revised: 2025-04-13

### Details:

`third_party/WebKit/Source/core/loader/DocumentLoader.cpp:735`:

```cpp
PassRefPtrWillBeRawPtr<DocumentWriter> DocumentLoader::createWriterFor(const Document* ownerDocument, const DocumentInit& init, const AtomicString& mimeType, const AtomicString& encoding, bool dispatch, ParserSynchronizationPolicy parsingPolicy)
{
    LocalFrame* frame = init.frame();

    ASSERT(!frame->document() || !frame->document()->isActive());
    ASSERT(frame->tree().childCount() == 0);

    if (!init.shouldReuseDefaultView())
        frame->setDOMWindow(LocalDOMWindow::create(*frame));

    RefPtrWillBeRawPtr<Document> document = frame->localDOMWindow()->installNewDocument(mimeType, init);
    if (ownerDocument) {
        document->setCookieURL(ownerDocument->cookieURL());
        // The origin is copied onto the Document object only; the v8 context is not updated here.
        document->setSecurityOrigin(ownerDocument->securityOrigin());
    }
}
```

DocumentLoader calls `setSecurityOrigin` instead of `updateSecurityOrigin`, so while the document inherits the correct SecurityOrigin from the owner, its associated v8 context is left with the...

No Exp or PoC available yet
Currently 0 affected product entries