First published: Wed Mar 07 2018
Lack of CORS checking by ResourceFetcher/ResourceLoader in Blink in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
Credit: cve-coordination@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
debian/chromium-browser | | |
redhat/chromium-browser | <65.0.3325.146 | 65.0.3325.146 |
Google Chrome | <65.0.3325.146 | |
Redhat Linux Desktop | =6.0 | |
Redhat Linux Server | =6.0 | |
Redhat Linux Workstation | =6.0 | |
Debian Debian Linux | =9.0 | |
CVE-2018-6066 is a vulnerability found in Google Chrome prior to version 65.0.3325.146 that allows a remote attacker to leak cross-origin data via a crafted HTML page.
CVE-2018-6066 occurs due to a lack of CORS checking by ResourceFetcher/ResourceLoader in Blink, which can be exploited by a remote attacker to extract cross-origin data by using a crafted HTML page.
The severity of CVE-2018-6066 is medium, with a severity score of 6.5.
Google Chrome versions prior to 65.0.3325.146, as well as Redhat Linux Desktop 6.0, Redhat Linux Server 6.0, Redhat Linux Workstation 6.0, and Debian Debian Linux 9.0, are affected by CVE-2018-6066.
To fix CVE-2018-6066, make sure to update Google Chrome to version 65.0.3325.146 or later. Additionally, keep your operating system up to date with the latest security patches.