Universal XSS (UXSS) Vulnerability in Google Chrome for iOS

Universal XSS (UXSS) Vulnerability in Google Chrome for iOS

CVE-2012-2899 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write method.

Learn more about our Cis Benchmark Audit For Apple Ios.