Cross-Site Scripting (XSS) Auditor Bypass in Google Chrome prior to 64.0.3282.119
CVE-2018-6051 · MEDIUM Severity
AV:N/AC:M/AU:N/C:P/I:N/A:N
XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page.
Learn more about our Cis Benchmark Audit For Google Chrome.