CVE-2016-5135 in Chromeinformazioni

Riassunto

di MITRE

WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "" element.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Fonti

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!