5 matches found
EUVD-2016-6086
Malware in sbrugna...
The vulnerability of Google Chrome browser allows a perpetrator to bypass the protective mechanisms of CSP.
The vulnerability in the WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp file of the Google Chrome browser’s Blink component relates to the lack of checks for links within an HTML document during its loading. Exploiting this vulnerability allows a malicious actor to circumvent the Content...
chromium-browser: content-security-policy bypass
WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy CSP protection mechanis...
CVE-2016-5135
WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy CSP protection mechanis...
CVE-2016-5135
Summary of CVE-2016-5135: In Blink’s HTMLPreloadScanner.cpp, the preload path did not take into account the referrer-policy within an HTML document, enabling a CSP bypass via a crafted site that uses a CSP header like Content-Security-Policy: referrer origin-when-cross-origin to override a meta r...