CVE-2017-15419

Summary

Insufficient policy enforcement in Resource Timing API in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to infer browsing history by triggering a leaked cross-origin URL via a crafted HTML page.

Affected Software

VendorProductVersion RangeStatus
n/aGoogle Chrome prior to 63.0.3239.84 unknownGoogle Chrome prior to 63.0.3239.84 unknownaffected

Weaknesses

  • Insufficient Policy Enforcement

ADP Enrichment

CVE Program Container

Additional References

References