CVE-2016-1636 in ChromeИнформация

Сводка

по MITRE

The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (aka SRI) protection mechanism by triggering two loads of the same resource.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Резервировать

12.01.2016

Раскрытие

05.03.2016

Модерация

принято

Вход

VDB-81162

EPSS

0.01836

KEV

Нет

Деятельности

Очень низкий

Источники

Might our Artificial Intelligence support you?

Check our Alexa App!