0.01 Low
EPSS
Percentile
83.7%
A lack of CORS checks, after a Service Worker redirected to a cross-origin PDF, in Service Worker in Google Chrome prior to 66.0.3359.117 allowed a remote attacker to leak limited cross-origin data via a crafted HTML page.
bugzilla.redhat.com/show_bug.cgi?id=1568765
chromereleases.googleblog.com/2018/04/stable-channel-update-for-desktop.html