CVE-2018-6051

Summary

XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page.

Affected Software

VendorProductVersion RangeStatus
GoogleChromeunspecified < 64.0.3282.119affected

Weaknesses

  • Inappropriate implementation

ADP Enrichment

CVE Program Container

Additional References

References