CVE-2018-6148

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 67.0.3396.79

Description The issue is related to an incorrect implementation of Content Security Policy in Google Chrome, allowing a remote attacker to bypass navigation restrictions via a crafted HTML page. This is due to the browser's failure to properly handle CRLF sequences, which can be exploited by an attacker to bypass navigation restrictions. The vulnerability affects Google Chrome and potentially other browsers like Opera, due to incorrect handling of CSP headers, allowing attackers to affect the system.

Recommendations For Google Chrome versions prior to 67.0.3396.79, update to version 67.0.3396.79 or later to resolve the issue. For Opera, consider disabling the use of CSP headers until a patch is available. As a temporary workaround, consider restricting the use of HTML pages that could potentially exploit this issue until a patch is available.