CVE-2016-5135 in Chromeinformação

Sumário

de MITRE

WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a "Content-Security-Policy: referrer origin-when-cross-origin" header that overrides a "" element.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Reservar

31/05/2016

Divulgação

23/07/2016

Moderação

aceite

Entrada

VDB-90243

CPE

pronto

EPSS

0.01604

KEV

não

Atividades

muito baixo

Fontes

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!