Universal XSS (UXSS) Vulnerability in Google Chrome for iOS
CVE-2012-2899 · MEDIUM Severity
AV:N/AC:M/AU:N/C:N/I:P/A:N
Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write method.
Learn more about our Cis Benchmark Audit For Apple Ios.