Ubuntu Security Notice 2768-1 - Abdulrahman Alqabandi and Ben Kelly discovered that the fetch() API did not correctly implement the Cross Origin Resource Sharing (CORS) specification. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to obtain sensitive information from other origins.
f434d15b0564f92f8e88efd4d7813038b974c41476f40e6afe4a2f165f6ce642