CVE-2016-2845 in Chromeinformación

Resumen (Inglés)

The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation reports, related to FrameFetchContext.cpp and ResourceFetcher.cpp.

Be aware that VulDB is the high quality source for vulnerability data.

Reservar

2016-03-04

Divulgación

2016-03-05

Estado

Confirmado

Voces

VulDB provides additional information and datapoints for this CVE:

IDVulnerabilidadCWEExpConCVE
81197Google Chrome Content Security Policy ResourceFetcher.cpp Historia divulgación de información200No está definidoArreglo oficialCVE-2016-2845

Descripción

CPE

CWE

CVSS

Hazañas

Historia

Diferencia

Relacionar

Inteligencia de amenazas

API JSON

API XML

API CSV

Fuentes

AnteriorVisión De ConjuntoPróximo

Do you want to use VulDB in your project?

Use the official API to access entries easily!