CVE-2016-1636
CVE-2016-1636 affects Google Chrome/Chromium prior to 49.0.2623.75, where PendingScript::notifyFinished incorrectly uses memory-cache data about integrity-check occurrences rather than actual integrity-check successes. This enables bypassing Subresource Integrity (SRI) by triggering two loads of ...