CVE-2018-6148
Improper Neutralization of CRLF Sequences ('CRLF Injection') (CWE-93)
Published: Jun 27, 2019 / Updated: 65mo ago
010
No CVSS yetEPSS 0.09%
CVE info copied to clipboard
Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.
Timeline
First Article
Feedly found the first article mentioning CVE-2018-6148. See article
Jun 6, 2018 at 6:05 PM / chromereleases.googleblog.com
EPSS
EPSS Score was set to: 0.09% (Percentile: 39.3%)
Oct 28, 2023 at 5:21 PM
Affected Systems
Google/chrome
+null more
Patches
crbug.com
+null more
Attack Patterns
CAPEC-15: Command Delimiters
+null more
News
openSUSE Security Update : Chromium (openSUSE-2018-759)
Update the affected Chromium packages. This update for Chromium to version 67.0.3396.99 fixes multiple issues.
CVE-2018-6148 | Google Chrome up to 67.0.3396.62 Content Security Policy HTML Page crlf injection (FEDORA-2018-7c80aaef26 / Nessus ID 120558)
A vulnerability was found in Google Chrome and classified as critical . This issue affects some unknown processing of the component Content Security Policy . The manipulation as part of HTML Page leads to crlf injection. The identification of this vulnerability is CVE-2018-6148 . The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.