CVE-2012-2899

Google Chrome <21.0.1180.82 - XSS

Title source: llm

Description

Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write method.

References (2)

[Release Notes, Vendor Advisory] http://googlechromereleases.blogspot.com/2012/09/chrome-for-ios-update_24.html

[Issue Tracking] https://code.google.com/p/chromium/issues/detail?id=147625

Scores

EPSS 0.0012

EPSS Percentile 30.4%

Details

CWE

CWE-79

Status published

Products (46)

google/chrome < 21.0.1180.81

google/chrome

... and 36 more

Published Jan 05, 2014

Tracked Since Feb 18, 2026