CVE-2016-1636 in Chromeजानकारी

सारांश

द्वारा MITRE

The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (aka SRI) protection mechanism by triggering two loads of the same resource.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

आरक्षित करना

12/01/2016

प्रकटीकरण

05/03/2016

प्रविष्टि

VDB-81162

EPSS

0.01836

गतिविधियाँ

बहुत कम

क्षेत्र

Industry, Finance, ...

स्रोत

Might our Artificial Intelligence support you?

Check our Alexa App!