CVE-2018-6164

🗓️ 09 Jan 2019 19:00:00Reported by ChromeType

Insufficient origin checks for CSS content in Blink in Google Chrome prior to 68.0.3440.75 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Reporter	Title	Published	Views	Family All 47
FreeBSD	chromium -- multiple vulnerabilities	24 Jul 201800:00	–	freebsd
CNVD	Google Chrome Same Origin Policy Bypass Vulnerability (CNVD-2018-17051)	25 Jul 201800:00	–	cnvd
Cvelist	CVE-2018-6164	9 Jan 201919:00	–	cvelist
Debian	[SECURITY] [DSA 4256-1] chromium-browser security update	27 Jul 201805:15	–	debian
Debian	[SECURITY] [DSA 4256-1] chromium-browser security update	27 Jul 201805:15	–	debian
Debian CVE	CVE-2018-6164	9 Jan 201919:00	–	debiancve
Tenable Nessus	Debian DSA-4256-1 : chromium-browser - security update	27 Jul 201800:00	–	nessus
Tenable Nessus	Fedora 28 : chromium (2018-499f2dbc96)	3 Jan 201900:00	–	nessus
Tenable Nessus	Fedora 27 : chromium (2018-4a16e37c81)	24 Sep 201800:00	–	nessus
Tenable Nessus	FreeBSD : chromium -- multiple vulnerabilities (b9c525d9-9198-11e8-beba-080027ef1a23)	30 Jul 201800:00	–	nessus

NVD

Vulners

Node

google chromeRange<68.0.3440.75

Node

debian debian_linuxMatch9.0

Node

redhat enterprise_linux_desktopMatch6.0

redhat enterprise_linux_serverMatch6.0

redhat enterprise_linux_workstationMatch6.0

[
  {
    "product": "Chrome",
    "vendor": "Google",
    "versions": [
      {
        "lessThan": "68.0.3440.75",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
access	www.access.redhat.com/errata/RHSA-2018:2282
debian	www.debian.org/security/2018/dsa-4256
security	www.security.gentoo.org/glsa/201808-01
securityfocus	www.securityfocus.com/bid/104887
chromereleases	www.chromereleases.googleblog.com/2018/07/stable-channel-update-for-desktop.html
crbug	www.crbug.com/848786

21 Nov 2024 04:10Current

6.2Medium risk

Vulners AI Score6.2

CVSS 24.3

CVSS 36.5

EPSS0.00542

CWE-200