Unrated severityNVD Advisory· Published Dec 6, 2015· Updated Jun 17, 2026
CVE-2015-6785
CVE-2015-6785
Description
The CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts an x.y hostname as a match for a *.x.y pattern, which might allow remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging a policy that was intended to be specific to subdomains.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
10- googlechromereleases.blogspot.com/2015/12/stable-channel-update.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.htmlnvd
- www.debian.org/security/2015/dsa-3415nvd
- www.securityfocus.com/bid/78416nvd
- www.securitytracker.com/id/1034298nvd
- www.ubuntu.com/usn/USN-2825-1nvd
- code.google.com/p/chromium/issues/detailnvd
- codereview.chromium.org/1367933003nvd
- security.gentoo.org/glsa/201603-09nvd
News mentions
0No linked articles in our index yet.