CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: LOW
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS
Percentile: 73.7%

The Content Security Policy (CSP) implementation in Blink, as used in
Google Chrome before 49.0.2623.75, does not ignore a URL’s path component
in the case of a ServiceWorker fetch, which allows remote attackers to
obtain sensitive information about visited web pages by reading CSP
violation reports, related to FrameFetchContext.cpp and
ResourceFetcher.cpp.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | chromium-browser | < 49.0.2623.87-0ubuntu0.14.04.1.1112 | UNKNOWN |
ubuntu | 15.10 | noarch | chromium-browser | < 49.0.2623.87-0ubuntu0.15.10.1.1222 | UNKNOWN |
ubuntu | 14.04 | noarch | oxide-qt | < 1.13.6-0ubuntu0.14.04.1 | UNKNOWN |
ubuntu | 15.10 | noarch | oxide-qt | < 1.13.6-0ubuntu0.15.10.1 | UNKNOWN |
googlechromereleases.blogspot.com/2016/03/stable-channel-update.html
homakov.blogspot.com/2014/01/using-content-security-policy-for-evil.html
bugs.chromium.org/p/chromium/issues/detail?id=542060
code.google.com/p/chromium/issues/detail?id=591402
codereview.chromium.org/1454003003/
launchpad.net/bugs/cve/CVE-2016-2845
nvd.nist.gov/vuln/detail/CVE-2016-2845
security-tracker.debian.org/tracker/CVE-2016-2845
ubuntu.com/security/notices/USN-2920-1
www.cve.org/CVERecord?id=CVE-2016-2845