CVE 2018-6148

Incorrect implementation in Content Security Policy in Google Chrome prior to 67.0.3396.79 allowed a remote attacker to bypass navigation restrictions via a crafted HTML page.

See the CVE page on Mitre.org for more details.