CVE-2018-18352 — Incorrect Permission Assignment in Google Chrome
Severity
6.5MEDIUMNVD
EPSS
0.7%
top 27.11%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedDec 11
Latest updateMay 13
Description
Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass same origin policy for audio content via a crafted HTML page.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages6 packages
Also affects: Debian Linux 9.0
🔴Vulnerability Details
3GHSA▶
GHSA-7g9v-pj4g-rw44: Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71↗2022-05-13
OSV▶
CVE-2018-18352: Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71↗2018-12-11
CVEList▶
CVE-2018-18352: Service works could inappropriately gain access to cross origin audio in Media in Google Chrome prior to 71↗2018-12-11