CVE-2018-4117
chromium-browser: Cross origin information leak in Blink
Severity Score
Exploit Likelihood
Affected Versions
12Public Exploits
0Exploited in Wild
-Decision
Descriptions
An issue was discovered in certain Apple products. iOS before 11.3 is affected. Safari before 11.1 is affected. iCloud before 7.4 on Windows is affected. iTunes before 12.7.4 on Windows is affected. watchOS before 4.3 is affected. The issue involves the fetch API in the "WebKit" component. It allows remote attackers to bypass the Same Origin Policy and obtain sensitive information via a crafted web site.
Se ha descubierto un problema en algunos productos Apple. Las versiones de iOS anteriores a la 11.3 se han visto afectadas. Se han visto afectadas las versiones de Safari anteriores a la 11.1, las versiones de iCloud anteriores a la 7.4 en Windows, las versiones de iTunes anteriores a la 12.7.4 en Windows y las versiones de watchOS anteriores a la 4.3. El problema afecta a la API fetch en el componente "WebKit". Permite que atacantes remotos omitan la Política del Mismo Origen y obtengan información sensible mediante un sitio web manipulado.
A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-01-02 CVE Reserved
- 2018-03-30 CVE Published
- 2024-08-05 CVE Updated
- 2025-04-03 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CAPEC
References (14)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHSA-2018:2282 | 2018-11-09 | |
| https://security.gentoo.org/glsa/201808-01 | 2018-11-09 | |
| https://security.gentoo.org/glsa/201808-04 | 2018-11-09 | |
| https://support.apple.com/HT208693 | 2018-11-09 | |
| https://support.apple.com/HT208694 | 2018-11-09 | |
| https://support.apple.com/HT208695 | 2018-11-09 | |
| https://support.apple.com/HT208696 | 2018-11-09 | |
| https://support.apple.com/HT208697 | 2018-11-09 | |
| https://usn.ubuntu.com/3635-1 | 2018-11-09 | |
| https://www.debian.org/security/2018/dsa-4256 | 2018-11-09 |