CVE-2016-1636 in Chromeinformation

Résumé

par MITRE

The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (aka SRI) protection mechanism by triggering two loads of the same resource.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Réserver

12/01/2016

Divulgation

05/03/2016

Modérer

accepté

Entrée

VDB-81162

CPE

prêt

EPSS

0.01836

KEV

non

Activités

très faible

Sources

Want to stay up to date on a daily basis?

Enable the mail alert feature now!