{"containers": {"cna": {"affected": [{"product": "Chrome", "vendor": "Google", "versions": [{"lessThan": "64.0.3282.119", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "datePublic": "2018-01-24T00:00:00", "descriptions": [{"lang": "en", "value": "XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page."}], "problemTypes": [{"descriptions": [{"description": "Inappropriate implementation", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-09-26T09:57:01", "orgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "shortName": "Chrome"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"}, {"name": "DSA-4103", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2018/dsa-4103"}, {"name": "102797", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/102797"}, {"name": "1040282", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1040282"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://crbug.com/441275"}, {"name": "RHSA-2018:0265", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:0265"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@google.com", "ID": "CVE-2018-6051", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Chrome", "version": {"version_data": [{"version_affected": "<", "version_value": "64.0.3282.119"}]}}]}, "vendor_name": "Google"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Inappropriate implementation"}]}]}, "references": {"reference_data": [{"name": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html", "refsource": "CONFIRM", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"}, {"name": "DSA-4103", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2018/dsa-4103"}, {"name": "102797", "refsource": "BID", "url": "http://www.securityfocus.com/bid/102797"}, {"name": "1040282", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1040282"}, {"name": "https://crbug.com/441275", "refsource": "CONFIRM", "url": "https://crbug.com/441275"}, {"name": "RHSA-2018:0265", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:0265"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T05:54:52.978Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"}, {"name": "DSA-4103", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2018/dsa-4103"}, {"name": "102797", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/102797"}, {"name": "1040282", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1040282"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://crbug.com/441275"}, {"name": "RHSA-2018:0265", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:0265"}]}]}, "cveMetadata": {"assignerOrgId": "ebfee0ef-53dd-4cf3-9e2a-08a5bd7a7e28", "assignerShortName": "Chrome", "cveId": "CVE-2018-6051", "datePublished": "2018-09-25T14:00:00", "dateReserved": "2018-01-23T00:00:00", "dateUpdated": "2024-08-05T05:54:52.978Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*", "matchCriteriaId": "BA764B9B-8048-4775-A9F7-3DD41AA467A7", "versionEndExcluding": "64.0.3282.119", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page."}, {"lang": "es", "value": "XSS Auditor en Google Chrome en versiones anteriores a la 64.0.3282.119 no asegur\u00f3 que la URL de reporte estaba en el mismo origen que la p\u00e1gina en la que estaba, lo que permit\u00eda que un atacante remoto obtuviese detalles de referrer mediante una p\u00e1gina HTML manipulada."}], "id": "CVE-2018-6051", "lastModified": "2024-11-21T04:09:57.887", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-25T14:29:03.523", "references": [{"source": "chrome-cve-admin@google.com", "url": "http://www.securityfocus.com/bid/102797"}, {"source": "chrome-cve-admin@google.com", "url": "http://www.securitytracker.com/id/1040282"}, {"source": "chrome-cve-admin@google.com", "url": "https://access.redhat.com/errata/RHSA-2018:0265"}, {"source": "chrome-cve-admin@google.com", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"}, {"source": "chrome-cve-admin@google.com", "url": "https://crbug.com/441275"}, {"source": "chrome-cve-admin@google.com", "url": "https://www.debian.org/security/2018/dsa-4103"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/102797"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securitytracker.com/id/1040282"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://access.redhat.com/errata/RHSA-2018:0265"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://crbug.com/441275"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.debian.org/security/2018/dsa-4103"}], "sourceIdentifier": "chrome-cve-admin@google.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2018:0265", "cpe": "cpe:/a:redhat:rhel_extras:6", "package": "chromium-browser-0:64.0.3282.119-1.el6_9", "product_name": "Red Hat Enterprise Linux 6 Supplementary", "release_date": "2018-02-01T00:00:00Z"}], "bugzilla": {"description": "chromium-browser: referrer leak in xss auditor", "id": "1538523", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538523"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "status": "verified"}, "details": ["XSS Auditor in Google Chrome prior to 64.0.3282.119, did not ensure the reporting URL was in the same origin as the page it was on, which allowed a remote attacker to obtain referrer details via a crafted HTML page."], "name": "CVE-2018-6051", "public_date": "2018-01-24T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-6051\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-6051\nhttps://chromereleases.googleblog.com/2018/01/stable-channel-update-for-desktop_24.html"], "threat_severity": "Low", "upstream_fix": "chromium-browser 64.0.3282.119"}