Bug 970518 (CVE-2016-2845) - VUL-0: CVE-2016-2845: chromium: CSP implementation in Blink does not ignore a URL's path component in the case of a ServiceWorker fetch
Summary: VUL-0: CVE-2016-2845: chromium: CSP implementation in Blink does not ignore a...
Status: RESOLVED FIXED
Alias: CVE-2016-2845
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other openSUSE 42.1
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Forgotten User sM9JzehKpy
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/162702/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2016-03-10 15:47 UTC by Victor Pereira
Modified: 2016-04-03 18:57 UTC (History)
2 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Victor Pereira 2016-03-10 15:47:45 UTC 
rh#1315362

The Content Security Policy (CSP) implementation in Blink, as used in Google
Chrome before 49.0.2623.75, does not ignore a URL's path component in the case
of a ServiceWorker fetch, which allows remote attackers to obtain sensitive
information about visited web pages by reading CSP violation reports, related to
FrameFetchContext.cpp and ResourceFetcher.cpp.

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1315362
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-2845
http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2845.html
http://www.cvedetails.com/cve/CVE-2016-2845/
https://bugs.chromium.org/p/chromium/issues/detail?id=542060
http://homakov.blogspot.com/2014/01/using-content-security-policy-for-evil.html
https://codereview.chromium.org/1454003003/
Comment 1 Swamp Workflow Management 2016-03-10 23:01:33 UTC 
bugbot adjusting priority
Comment 2 Andreas Stieger 2016-04-03 18:57:43 UTC 
Already fixed