Submit #793551: Eyeo GmbH Adblock Plus 4.36.2 Privilege Escalation

Information

Title: Eyeo GmbH Adblock Plus 4.36.2 Privilege Escalation
Description: A missing origin validation in premium.preload.js allows any JavaScript running in the context of accounts.adblockplus.org to forge a payment_success postMessage event and activate the Premium subscription without payment. The extension background (background.js) further fails to bind the submitted userId to a verified payment session before persisting it and initiating license_check. Tested on v4.36.2, reproducible in ~30 seconds with a single line of JavaScript.
Source: ⚠️ https://github.com/xryj920/CVE/blob/main/adblock_plus_CVE_report.md
User: DRXYJ (UID 46872)
Submission: 31.03.2026 11:44 (2 months ago)
Moderation: 02.05.2026 18:03 (1 month later)
Status: Accepted
VulDB entry: 360856 [eyeo Adblock Plus up to 4.36.2 on Chrome Legacy Premium Activation premium.preload.js postMessage privilege escalation]
Points: 20
