Google Chrome CSPSource::schemeMatches Information Disclosure Vulnerability

Google Chrome is a web browsing tool developed by Google. In the CSP implementation of Blink in versions of Google Chrome prior to 52.0.2743.82, the WebKit/Source/core/frame/csp/CSPSource.cpp/CSPSource::schemeMatches function does not apply the http :80 policy to the https : 443 URL, nor does it...

Vulnerability in Google Chrome Blink Content Security Policy

Google Chrome is a web browser. Google V8 is one of the open source JavaScript engines. Google Chrome uses Blink's Content Security Policy CSP implementation process of WebKit/Source/core/frame/csp/CSPSource.cpp file in the 'CSPSource::. SchemeMatches function in the...

chromium-browser: various fixes from internal audits

The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy CSP implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easie...

CVE-2016-1617

The CSPSource::schemeMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp in the Content Security Policy CSP implementation in Blink, as used in Google Chrome before 48.0.2564.82, does not apply http policies to https URLs and does not apply ws policies to wss URLs, which makes it easie...