Vulnerability: Google Chrome Browser – CVE-2018-6148: Incorrect handling of CSP header

On May 23rd, a security researcher reported a vulnerability in the Chrome Desktop Browser (Pre-Version 67.0.3396.79) that allows for the mishandling of the Content Security Policy (CSP) header. The CSP header allows website developers to implement a 2nd layer of security on their websites to prevent possible malicious activity. The vulnerability bypasses the SECURITY_CHECK in Chrome, allowing possible cross-site scripting, clickjacking, and varying types of code injection attacks against vulnerable users browsing affected websites.

Chrome released a patch on June 05 fixing the vulnerability and raising the version to 67.0.3396.79. Chrome has reserved CVE-2018-6148 for the vulnerability but is restricting details surrounding the bug until the majority of Chrome users have been updated to prevent threat actors from exploiting the vulnerability.

The Proficio Threat Intelligence Recommendations:

  • Update Chrome to the latest version
  • Always make sure to stay up to date on application updates and security patches

Patch Release Page – Click Here
General Info – Click Here

Recent Blog Posts

Stay Ahead of Evolving Threats

Signup for our free newsletter and receive invaluable threat notifications from our Threat Intelligence team.

By submitting this form, you agree to the Proficio Website Terms of Use and the Proficio Privacy Policy.


Experience Tomorrow’s
Security Today

Request a Demo and Experience Proficio's
Innovative Solutions in Action.

By submitting this form, you agree to the Proficio Website Terms of Use and the Proficio Privacy Policy.