CVE-2018-16072

A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same…

Chrome·CWE-346·Published 2019-01-09

CVSS

—

EPSS

0.01

KEV

Exploits

cve.orgen

175 chars

A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

NVDen

175 chars

A missing origin check related to HLS manifests in Blink in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass same origin policy via a crafted HTML page.

NVDes

251 chars

La falta de una comprobación de origen relacionada con los manifiestos HLS en Blink en Google Chrome, en versiones anteriores a la 69.0.3497.81, permitía que un atacante remoto omitiese la política del mismo origen mediante una página HTML manipulada.

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
3.0	Primary	NVD	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N