SUSE CVE-2015-1300

The FrameFetchContext::updateTimingInfoForIFrameNavigation function in core/loader/FrameFetchContext.cpp in Blink, as used in Google Chrome before 45.0.2454.85, does not properly restrict the availability of IFRAME Resource Timing API times, which allows remote attackers to obtain sensitive...

SUSE CVE-2016-2845

The Content Security Policy CSP implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation report...

The vulnerability of Google Chrome browser allows a perpetrator to obtain confidential information.

The vulnerability of the Content Security Policy CSP implementation in Google Chrome’s Blink engine is related to the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain confidential information about visited web pages by...

chromium-browser: CSP implementation in Blink does not ignore a URL's path component in the case of a ServiceWorker fetch

The Content Security Policy CSP implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation report...