CVSS3: 4.3 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

AI Score: 4.1 Medium
Confidence: High

CVSS2: 4.3 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS: 0.005 Low
Percentile: 76.0%

The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easier for remote attackers to determine whether a specific HSTS web site has been visited by reading a CSP report.

CPE
Name | Operator | Version
---|---|---
chrome | le | 47.0.2526.106

lists.opensuse.org/opensuse-security-announce/2016-01/msg00035.html
lists.opensuse.org/opensuse-security-announce/2016-01/msg00036.html
lists.opensuse.org/opensuse-security-announce/2016-01/msg00046.html
rhn.redhat.com/errata/RHSA-2016-0072.html
www.debian.org/security/2016/dsa-3456
www.securityfocus.com/bid/81430
www.securitytracker.com/id/1034801
www.ubuntu.com/usn/USN-2877-1
code.google.com/p/chromium/issues/detail?id=544765
codereview.chromium.org/1455973003
googlechromereleases.blogspot.com/2016/01/stable-channel-update_20.html
security.gentoo.org/glsa/201603-09