CVSS2: 6.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS: 0.014 Low
EPSS Percentile: 86.0%

The ResourceFetcher::canRequest function in core/fetch/ResourceFetcher.cpp
in Blink, as used in Google Chrome before 36.0.1985.125, does not properly
restrict subresource requests associated with SVG files, which allows
remote attackers to bypass the Same Origin Policy via a crafted file.