{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-09-24T00:00:00", "descriptions": [{"lang": "en", "value": "Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write method."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2014-01-05T20:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://code.google.com/p/chromium/issues/detail?id=147625"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://googlechromereleases.blogspot.com/2012/09/chrome-for-ios-update_24.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2012-2899", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write method."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://code.google.com/p/chromium/issues/detail?id=147625", "refsource": "CONFIRM", "url": "https://code.google.com/p/chromium/issues/detail?id=147625"}, {"name": "http://googlechromereleases.blogspot.com/2012/09/chrome-for-ios-update_24.html", "refsource": "CONFIRM", "url": "http://googlechromereleases.blogspot.com/2012/09/chrome-for-ios-update_24.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:50:05.189Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://code.google.com/p/chromium/issues/detail?id=147625"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://googlechromereleases.blogspot.com/2012/09/chrome-for-ios-update_24.html"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2012-2899", "datePublished": "2014-01-05T20:00:00", "dateReserved": "2012-05-19T00:00:00", "dateUpdated": "2024-08-06T19:50:05.189Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "B9717017-30FA-4B12-BAE7-14A61831F2AB", "versionEndIncluding": "21.0.1180.81", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.0:*:*:*:*:*:*:*", "matchCriteriaId": "767C0C1A-EAC4-4F98-9E80-CFDA5069F118", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.1:*:*:*:*:*:*:*", "matchCriteriaId": "0E2554F0-0DEB-41A0-A595-6A524F9EC001", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.2:*:*:*:*:*:*:*", "matchCriteriaId": "4F542051-CEED-45A4-BB83-937069D07CB2", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.31:*:*:*:*:*:*:*", "matchCriteriaId": "AC926FFC-EF03-46F0-B5B5-02B34571D6C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.32:*:*:*:*:*:*:*", "matchCriteriaId": "24849FF0-F873-4365-9B82-F16AD7F4A291", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.33:*:*:*:*:*:*:*", "matchCriteriaId": "8E784307-0538-4524-94EA-A88B1ABD0E2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.34:*:*:*:*:*:*:*", "matchCriteriaId": "5655EFE7-69CB-469F-A00A-D6F3F7F492E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.35:*:*:*:*:*:*:*", "matchCriteriaId": "D3B22D68-9E32-4566-8ED1-F1CE87903F98", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.36:*:*:*:*:*:*:*", "matchCriteriaId": "40DB1183-DFF5-4251-BCDF-2F7696ABBFA0", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.37:*:*:*:*:*:*:*", "matchCriteriaId": "8BD5341A-E508-4E5B-B03F-677D97E5A464", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.38:*:*:*:*:*:*:*", "matchCriteriaId": "E096479F-4C69-445A-8C2B-7201896F401B", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.39:*:*:*:*:*:*:*", "matchCriteriaId": "25756B8C-FBEB-4D7F-99E6-EA7D27B07B39", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.41:*:*:*:*:*:*:*", "matchCriteriaId": "41371794-2083-4188-90BE-506419DC0B82", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.46:*:*:*:*:*:*:*", "matchCriteriaId": "51FF3E52-3E8E-4D2F-ABA3-B7D83219D723", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.47:*:*:*:*:*:*:*", "matchCriteriaId": "981570FA-6B44-49A8-9C9B-7D5127E90F6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.48:*:*:*:*:*:*:*", "matchCriteriaId": "36D2B7FE-2B20-47CA-9B3C-B726E21659E8", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.49:*:*:*:*:*:*:*", "matchCriteriaId": "858BDFA4-E9CB-4537-ABA7-4283318CA501", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.50:*:*:*:*:*:*:*", "matchCriteriaId": "76D0CD04-8EF4-4B6A-BD4F-1DFCDDDD4DED", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.51:*:*:*:*:*:*:*", "matchCriteriaId": "9E912B5D-81F3-4A93-A0E6-B1CFDE2B46EE", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.52:*:*:*:*:*:*:*", "matchCriteriaId": "B578A2BC-9360-428C-9AFE-DC9DB9E0A621", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.53:*:*:*:*:*:*:*", "matchCriteriaId": "9DCB6048-5A18-4FD6-A21B-95B595CF943C", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.54:*:*:*:*:*:*:*", "matchCriteriaId": "28882288-859D-425C-8BA3-F46D058B61D6", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.55:*:*:*:*:*:*:*", "matchCriteriaId": "444AD7BB-FE0B-4A51-BA89-EE2647F4E8AE", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.56:*:*:*:*:*:*:*", "matchCriteriaId": "A0692DD3-562D-4BE7-BB61-1549EFFF9CD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.57:*:*:*:*:*:*:*", "matchCriteriaId": "5FF70696-70A8-4DFA-A0C3-172A103F3F24", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.59:*:*:*:*:*:*:*", "matchCriteriaId": "25241621-CBB0-4E39-B901-2F70EE476722", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.60:*:*:*:*:*:*:*", "matchCriteriaId": "1355883C-C184-46C1-9CF7-AA59B0FC61B7", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.61:*:*:*:*:*:*:*", "matchCriteriaId": "DB090D01-9F7E-49CF-8356-80CC03999121", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.62:*:*:*:*:*:*:*", "matchCriteriaId": "A37AB354-581C-42CA-B8E9-9AEAC0B326AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.63:*:*:*:*:*:*:*", "matchCriteriaId": "885EFC87-061C-4EEF-880A-68D7D53BACDA", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.64:*:*:*:*:*:*:*", "matchCriteriaId": "D58B0932-1DF3-4308-8D82-B20564E974F8", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.68:*:*:*:*:*:*:*", "matchCriteriaId": "A8FAD1E6-788F-4295-BFD2-F3CE99B14934", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.69:*:*:*:*:*:*:*", "matchCriteriaId": "DF8AB897-7A45-4360-AFA7-EB7C8690ADD9", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.70:*:*:*:*:*:*:*", "matchCriteriaId": "9EF0FA83-C464-4270-A4E8-1441DF4ECFAD", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.71:*:*:*:*:*:*:*", "matchCriteriaId": "86B70015-F651-467C-A846-5C97772D91EA", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.72:*:*:*:*:*:*:*", "matchCriteriaId": "C07A549D-48EF-434C-ABBA-0FF7078060D7", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.73:*:*:*:*:*:*:*", "matchCriteriaId": "B573E86E-3512-4DB9-911E-1B27A3BB69DC", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.74:*:*:*:*:*:*:*", "matchCriteriaId": "D2BDB997-D125-4B5D-9680-9AED7D89FD0A", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.75:*:*:*:*:*:*:*", "matchCriteriaId": "0BAF7E49-6795-4848-AADD-40D8B2D5F5BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.76:*:*:*:*:*:*:*", "matchCriteriaId": "B7B244B3-86E0-4E1D-96A5-E0B9B50F2ADB", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.77:*:*:*:*:*:*:*", "matchCriteriaId": "A0FF1C67-9CB7-4C78-9F3C-C88AB5A6284D", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.78:*:*:*:*:*:*:*", "matchCriteriaId": "3371BBF5-0B82-4005-96AE-9B604A2FA70B", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.79:*:*:*:*:*:*:*", "matchCriteriaId": "5916EA0D-D763-4650-9AC4-A38C6E8EB052", "vulnerable": true}, {"criteria": "cpe:2.3:a:google:chrome:21.0.1180.80:*:*:*:*:*:*:*", "matchCriteriaId": "443C5B0F-8FC6-40E3-AA95-BB8884176002", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:apple:ipad2:-:*:*:*:*:*:*:*", "matchCriteriaId": "E7BFD4E0-321E-4ECB-82A5-80E9CB6E4EED", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write method."}, {"lang": "es", "value": "Google Chrome anteriores a 21.0.1180.82 en iOS hacen determinadas llamadas incorrectas a m\u00e9todos WebView que invocan el uso de una URL applewebdata:, lo cual permite a atacantes remotos sortear el la Same Origin Policy y efectuar ataques Universal XSS (UXSS) a trav\u00e9s de vectores que incluyen el m\u00e9todo document.write."}], "id": "CVE-2012-2899", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-01-05T20:55:03.990", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://googlechromereleases.blogspot.com/2012/09/chrome-for-ios-update_24.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://code.google.com/p/chromium/issues/detail?id=147625"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://googlechromereleases.blogspot.com/2012/09/chrome-for-ios-update_24.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://code.google.com/p/chromium/issues/detail?id=147625"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{}