SUSE CVE-2013-2921

Double free vulnerability in the ResourceFetcher::didLoadResource function in core/fetch/ResourceFetcher.cpp in the resource loader in Blink, as used in Google Chrome before 30.0.1599.66, allows remote attackers to cause a denial of service or possibly have unspecified other impact by triggering...

SUSE CVE-2014-3160

The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp in Blink, as used in Google Chrome before 36.0.1985.125, does not properly restrict subresource requests associated with SVG files, which allows remote attackers to bypass the Same Origin Policy via a crafted file...

SUSE CVE-2016-2845

The Content Security Policy CSP implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation report...

The vulnerability of Google Chrome browser allows a perpetrator to obtain confidential information.

The vulnerability of the Content Security Policy CSP implementation in Google Chrome’s Blink engine is related to the lack of protection for service data. Exploiting this vulnerability could allow a malicious actor, operating remotely, to obtain confidential information about visited web pages by...

chromium-browser: CSP implementation in Blink does not ignore a URL's path component in the case of a ServiceWorker fetch

The Content Security Policy CSP implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation report...