CVE-2018-18351

Summary

Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.

Affected Software

VendorProductVersion RangeStatus
GoogleChromeunspecified < 71.0.3578.80affected

Weaknesses

  • Insufficient policy enforcement

ADP Enrichment

CVE Program Container

Additional References

References