CVE-2018-20071: XSS
First published: Tue Dec 04 2018(Updated: )
Insufficiently strict origin checks during JIT payment app installation in Payments in Google Chrome prior to 70.0.3538.67 allowed a remote attacker to install a service worker for a domain that can host attacker controled files via a crafted HTML page.
Credit: cve-coordination@google.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Google Chrome | <70.0.3538.67 | |
| Google Chrome | <71.0.3578.80 | 71.0.3578.80 |
Remedy
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2018-17480
- CVE-2018-17481
- CVE-2018-18335
- CVE-2018-18336
- CVE-2018-18337
- CVE-2018-18338
- CVE-2018-18339
- CVE-2018-18340
- CVE-2018-18341
- CVE-2018-18342
- CVE-2018-18343
- CVE-2018-18344
- CVE-2018-18345
- CVE-2018-18346
- CVE-2018-18347
- CVE-2018-18348
- CVE-2018-18349
- CVE-2018-18350
- CVE-2018-18351
- CVE-2018-18352
- CVE-2018-18353
- CVE-2018-18354
- CVE-2018-18355
- CVE-2018-18356
- CVE-2018-18357
- CVE-2018-18358
- CVE-2018-18359
- CVE-2018-20065
- CVE-2018-20066
- CVE-2018-20067
- CVE-2018-20068
- CVE-2018-20069
- CVE-2018-20070
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/severity
- agent/author
- agent/remedy
- agent/weakness
- agent/description
- collector/chrome-releases
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/tags
- agent/trending
- vendor/google
- canonical/google chrome