CVE-2016-5135 PUBLISHED

WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "<META name='referrer' content='no-referrer'>" element.

EPSS 0.43% · 62.4th percentile


Affected Products

| Vendor | Product | Versions |
| --- | --- | --- |
| Ubuntu:14.04:LTS | chromium-browser | 0, 29.0.1547.65-0ubuntu2, 31.0.1650.63-0ubuntu1~20131204.1 |
| Ubuntu:16.04:LTS | chromium-browser | 45.0.2454.101-0ubuntu1.1201, 51.0.2704.79-0ubuntu0.16.04.1.1242, 50.0.2661.102-0ubuntu0.16.04.1.1237 |
| Ubuntu:16.04:LTS | oxide-qt | 1.15.8-0ubuntu0.16.04.1, 0, 1.9.5-0ubuntu1 |
| Ubuntu:14.04:LTS | oxide-qt | 1.11.4-0ubuntu0.14.04.1, 1.12.5-0ubuntu0.14.04.1, 1.12.6-0ubuntu0.14.04.1 |
