CVE-2016-1636 in Chromethông tin

Tóm tắt

Bởi MITRE

The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (aka SRI) protection mechanism by triggering two loads of the same resource.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

Nguồn

Interested in the pricing of exploits?

See the underground prices here!