CVE-2018-6150

Description

Incorrect handling of CORS in ServiceWorker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak cross-origin data via a crafted HTML page.

Risk Information

Base Score

6.5

MODERATE

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

EPSS Score

Exploitation Probability

0.197

Associated Vulnerability

Vulnerability	OS Platform
Google Chrome (68.0.3440.75)	Windows
Google Chrome (x64) (68.0.3440.75)	Windows
Multiple vulnerabilities fixed in Updates for Google Chrome (x64) (66.0.3359.117)	Windows
Multiple vulnerabilities fixed in Updates for Google Chrome (66.0.3359.117)	Windows
chromium-browser security update(DSA-4256-1) chromium_68.0.3440.75-1~deb9u1_i386.deb	Linux
chromium-browser security update(DSA-4256-1) chromium_68.0.3440.75-1~deb9u1_amd64.deb	Linux
Google Chrome (68.0.3440.75) (For Debian)	Linux
Multiple vulnerabilities fixed in Updates for Google Chrome (66.0.3359.117) (For Debian)	Linux
Google Chrome (68.0.3440.75) (For Centos)	Linux
Multiple vulnerabilities fixed in Updates for Google Chrome (66.0.3359.117) (For Centos)	Linux
Google Chrome (68.0.3440.75) (For RedHat)	Linux
Multiple vulnerabilities fixed in Updates for Google Chrome (66.0.3359.117) (For RedHat)	Linux
Google Chrome (68.0.3440.75) (For Suse)	Linux
Multiple vulnerabilities fixed in Updates for Google Chrome (66.0.3359.117) (For Suse)	Linux
Google Chrome (68.0.3440.75) (For Ubuntu)	Linux
Multiple vulnerabilities fixed in Updates for Google Chrome (66.0.3359.117) (For Ubuntu)	Linux

Patch Details

Click to see the patches provided by ManageEngine for this CVE

Patch ID	Patch Description
PATCH-307865	Google Chrome (68.0.3440.75)
PATCH-307866	Google Chrome (x64) (68.0.3440.75)
PATCH-313039	Google Chrome (x64) (80.0.3987.122)
PATCH-313039	Google Chrome (x64) (80.0.3987.122)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234