CVE-2018-6083

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
14/11/2018
Last modified:
07/11/2023

Description

Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:* 65.0.3325.146 (excluding)
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*