Incorrect Permission Assignment for Critical Resource
CVE-2018-16087
Summary
Lack of proper state tracking in Permissions in Google Chrome prior to 69.0.3497.81 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
- LOW
- NETWORK
- NONE
- UNCHANGED
- REQUIRED
- NONE
- LOW
- NONE
CWE-732 - Incorrect Permission Assignment for Critical Resource
The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
References
Advisory Timeline
- Published