Full title: Google Chrome 31.0 XSS Auditor Bypass Vulnerability 
Category: remote exploits
Platform: multiple
Google chrome XSS auditor was found prone to a bypass when the user input passed though location.hash was being written to the DOM by using document.write property. Normally, XSS auditor checks XSS by comparing the request and response however, it also checks for request itself, if it contains an untrusted input to prevent DOM XSS as well.

# 0day.today @ http://0day.today/