Cross-Site Scripting (XSS) Auditor Bypass in Google Chrome prior to 64.0.3282.119

Cross-Site Scripting (XSS) Auditor Bypass in Google Chrome prior to 64.0.3282.119

CVE-2018-6051 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page.

Learn more about our Cis Benchmark Audit For Google Chrome.