CVE-2016-5137Sensitive Information Exposure in Google Chrome

CWE-200Sensitive Information Exposure8 documents6 sources
Severity
4.3MEDIUMNVD
OSV8.8
EPSS
1.0%
top 22.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedJul 23
Latest updateMay 17

Description

The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 52.0.2743.82, does not apply http :80 policies to https :443 URLs and does not apply ws :80 policies to wss :443 URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report. NOTE: this vulnerability is associated with a specification change after

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages1 packages

NVDgoogle/chrome51.0.2704.106

🔴Vulnerability Details

3
GHSA
GHSA-jc87-h9fr-rr78: The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource2022-05-17
OSV
oxide-qt vulnerabilities2016-08-05
OSV
CVE-2016-5137: The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource2016-07-23

📋Vendor Advisories

2
Ubuntu
Oxide vulnerabilities2016-08-05
Red Hat
chromium-browser: history sniffing with hsts and csp2016-07-20

💬Community

2
Bugzilla
CVE-2016-5137 chromium-browser: history sniffing with hsts and csp2016-07-21
Bugzilla
Probe browser history via HSTS/301 redirect + CSP2016-07-06