Google Chrome 72.0.3626.81 - V8TrustedTypePolicyOptions::ToImpl Type Confusion
Google Chrome 72.0.3626.81 - V8TrustedTypePolicyOptions::ToImpl Type Confusion VULNERABILITY DETAILS The binding code generator doesn't add checks to ensure that the callback properties of a dictionary are indeed JS functions. For example, for the the TrustedTypePolicyOptions dictionary:...