virus logo Endpoint Vulnerability

Google Chrome CVE-2016-2845 Information Disclosure Vulnerability

description-logoDescription

The Content Security Policy (CSP) implementation in Blink, as used in Google Chrome before 49.0.2623.75, does not ignore a URL's path component in the case of a ServiceWorker fetch, which allows remote attackers to obtain sensitive information about visited web pages by reading CSP violation reports, related to FrameFetchContext.cpp and ResourceFetcher.cpp.

affected-products-logoAffected Applications

Google Chrome

Version Updates

Date Version Status Detail
2025-07-10 1.00878
Modified
 Google Chrome
2019-09-11 1.00194
Modified
 Google Chrome
2019-03-12 1.00182
Modified
 Google Chrome
2019-01-08 1.00178
Modified
 Google Chrome
2017-07-25 1.00142
Modified
 Google Chrome

References

https://chromereleases.googleblog.com/search/label/Stable%20updates
ID 24885
Created Jul 11, 2018
Description
Updated		 Jul 10, 2025
CVE ID
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor Google
Patch manual
Application Google Chrome