Lucene search

K

Veracode Vulnerability DatabaseVERACODE:28696

HistoryDec 21, 2020 - 7:49 p.m.

Content-Security Policy Bypass

2020-12-2119:49:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

9

content-security policy

bypass

chromium

vulnerable

insufficient policy enforcement

remote attacker

malicious html page

software

EPSS

0.005

Percentile

76.3%

chromium is vulnerable to content-security policy bypass. Insufficient policy enforcement in CSP allows a remote attacker to bypass content security policy via a malicious HTML page.

References

lists.opensuse.org/opensuse-security-announce/2020-07/msg00069.html

lists.opensuse.org/opensuse-security-announce/2020-08/msg00007.html

lists.opensuse.org/opensuse-security-announce/2020-08/msg00018.html

lists.opensuse.org/opensuse-security-announce/2020-09/msg00041.html

chromereleases.googleblog.com/2020/07/stable-channel-update-for-desktop.html

crbug.com/992698

lists.fedoraproject.org/archives/list/[email protected]/message/MTRPPTKZ2RKVH2XGQCWNFZ7FOGQ5LLCA/

lists.fedoraproject.org/archives/list/[email protected]/message/MYIDWCHG24ZTFD4P42D4A4WWPPA74BCG/

security-tracker.debian.org/tracker/CVE-2020-6527

security.gentoo.org/glsa/202007-08

www.debian.org/security/2021/dsa-4824

EPSS

0.005

Percentile

76.3%

Related for VERACODE:28696

debiancve1 prion1 cve1 ubuntucve1 redhatcve1 nvd1 cvelist1 freebsd1 nessus13 openvas8 fedora2 suse6 kaspersky1 chrome1 gentoo1 redhat1 debian1 osv3 mscve1