Improper Authorization
CVE-2018-16074
Summary
Insufficient policy enforcement in site isolation in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass site isolation via a crafted HTML page.
- LOW
- NETWORK
- NONE
- UNCHANGED
- REQUIRED
- NONE
- HIGH
- NONE
CWE-285 - Improper Authorization
The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
References
Advisory Timeline
- Published