CVE 2017-15417
Inappropriate implementation in Skia canvas composite operations in Google Chrome prior to 63.0.3239.84 allowed a remote attacker to leak cross-origin data via a crafted HTML page.
See the 
CVE page on Mitre.org
for more details.
