Unrated severityNVD Advisory· Published Dec 6, 2015· Updated Jun 17, 2026
CVE-2015-6786
CVE-2015-6786
Description
The CSPSourceList::matches function in WebKit/Source/core/frame/csp/CSPSourceList.cpp in the Content Security Policy (CSP) implementation in Google Chrome before 47.0.2526.73 accepts a blob:, data:, or filesystem: URL as a match for a * pattern, which allows remote attackers to bypass intended scheme restrictions in opportunistic circumstances by leveraging a policy that relies on this pattern.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3Patches
Vulnerability mechanics
References
10- googlechromereleases.blogspot.com/2015/12/stable-channel-update.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-12/msg00016.htmlnvd
- lists.opensuse.org/opensuse-security-announce/2015-12/msg00017.htmlnvd
- www.debian.org/security/2015/dsa-3415nvd
- www.securityfocus.com/bid/78416nvd
- www.securitytracker.com/id/1034298nvd
- www.ubuntu.com/usn/USN-2825-1nvd
- code.google.com/p/chromium/issues/detailnvd
- codereview.chromium.org/1361763005/nvd
- security.gentoo.org/glsa/201603-09nvd
News mentions
0No linked articles in our index yet.