CVE-2012-2899

CVE Database · CVE-2012-2899

CVE-2012-2899

· N/AModified

CVSS v3.1

N/A

EPSS

0.81%

Published

Jan 5, 2014

Modified

Apr 28, 2026

Public PoC / Exploit

All weaponized →

No public PoC or exploit code indexed for this CVE.

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Google Chrome before 21.0.1180.82 on iOS makes certain incorrect calls to WebView methods that trigger use of an applewebdata: URL, which allows remote attackers to bypass the Same Origin Policy and conduct Universal XSS (UXSS) attacks via vectors involving the document.write method.

Weaknesses (CWE)

CWE-79

Affected Products (46)

google · chromevulnerable

· chrome

References (4)

http://googlechromereleases.blogspot.com/2012/09/chrome-for-ios-update_24.html

https://code.google.com/p/chromium/issues/detail?id=147625

http://googlechromereleases.blogspot.com/2012/09/chrome-for-ios-update_24.html

https://code.google.com/p/chromium/issues/detail?id=147625

KEV Catalog EPSS Scores Vendors All CVEs

google · chromevulnerable