CVE-2018-6048Improper Input Validation in Google Chrome

CWE-20Improper Input Validation6 documents6 sources
Severity
4.3MEDIUMNVD
EPSS
0.8%
top 26.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Google ChromeDebian LinuxRedhat Enterprise Linux Desktop+2 more
Timeline
PublishedSep 25
Latest updateMay 14

Description

Insufficient policy enforcement in Blink in Google Chrome prior to 64.0.3282.119 allowed a remote attacker to potentially leak referrer information via a crafted HTML page.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages5 packages

CVEListV5google/chromeunspecified64.0.3282.119
NVDgoogle/chrome< 64.0.3282.119

Also affects: Debian Linux 8.0, 9.0

🔴Vulnerability Details

3
GHSA
GHSA-fcrr-v34q-vcj4: Insufficient policy enforcement in Blink in Google Chrome prior to 642022-05-14
CVEList
CVE-2018-6048: Insufficient policy enforcement in Blink in Google Chrome prior to 642018-09-25
OSV
CVE-2018-6048: Insufficient policy enforcement in Blink in Google Chrome prior to 642018-09-25

📋Vendor Advisories

1
Red Hat
chromium-browser: referrer policy bypass in blink2018-01-24

💬Community

1
Bugzilla
CVE-2018-6048 chromium-browser: referrer policy bypass in blink2018-01-25
CVE-2018-6048 — Improper Input Validation in Google | cvebase