CVE-2016-1636

by Fred · 05/03/2016

The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (aka SRI) protection mechanism by triggering two loads of the same resource.

Date published : 2016-03-05

http://www.securityfocus.com/bid/84008

http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html

CVE-2016-1636

Similar

Recent Posts

Categories

CVE-2016-1636

Share this:

Similar

Recent Posts

Categories

Tags