CVE-2016-1636

CVE-2016-1636

The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (aka SRI) protection mechanism by triggering two loads of the same resource.

Source: CVE-2016-1636

답글 남기기

이메일 주소는 공개되지 않습니다. 필수 필드는 *로 표시됩니다