04 Déc 2015
Vulnerability Details :
The CSPSourceList::matches function in WebKit/Source/core/frame/csp/CSPSourceList.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts a blob:, data:, or filesystem: URL as a match for a * pattern, which allows remote attackers to bypass intended scheme restrictions in opportunistic circumstances by leveraging a policy that relies on this pattern.
Publish Date : 2015-12-05 Last Update Date : 2015-12-05
- CVSS Scores & Vulnerability Types
- Related OVAL Definitions
OVAL (Open Vulnerability and Assessment Language) definitions define exactly what should be done to verify a vulnerability or a missing patch. Check out the OVAL definitions if you want to learn what you should do to verify a vulnerability.
- Products Affected By CVE-2015-6786
- References For CVE-2015-6786
- Metasploit Modules Related To CVE-2015-6786
There are not any metasploit modules related to this vulnerability (Please visit www.metasploit.com for more information)