CVE-2018-18351

Publication date

2018-12-11 15:00:00

Family

Chrome

State

PUBLISHED

Description

Lack of proper validation of ancestor frames site when sending lax cookies in Navigation in Google Chrome prior to 71.0.3578.80 allowed a remote attacker to bypass SameSite cookie policy via a crafted HTML page.