Описание
The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (aka SRI) protection mechanism by triggering two loads of the same resource.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 49.0.2623.87-0ubuntu1.1232 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [49.0.2623.87-0ubuntu0.14.04.1.1112]] |
| precise | ignored | |
| trusty | released | 49.0.2623.87-0ubuntu0.14.04.1.1112 |
| trusty/esm | DNE | trusty was released [49.0.2623.87-0ubuntu0.14.04.1.1112] |
| upstream | released | 49.0.2623.75 |
| vivid/stable-phone-overlay | DNE | |
| vivid/ubuntu-core | DNE | |
| wily | released | 49.0.2623.87-0ubuntu0.15.10.1.1222 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 1.13.6-0ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was released [1.13.6-0ubuntu0.14.04.1]] |
| precise | DNE | |
| trusty | released | 1.13.6-0ubuntu0.14.04.1 |
| trusty/esm | DNE | trusty was released [1.13.6-0ubuntu0.14.04.1] |
| upstream | released | 1.13.6 |
| vivid/stable-phone-overlay | released | 1.13.6-0ubuntu0.15.04.1~overlay1 |
| vivid/ubuntu-core | DNE | |
| wily | released | 1.13.6-0ubuntu0.15.10.1 |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (aka SRI) protection mechanism by triggering two loads of the same resource.
The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (aka SRI) protection mechanism by triggering two loads of the same resource.
The PendingScript::notifyFinished function in WebKit/Source/core/dom/P ...
The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (aka SRI) protection mechanism by triggering two loads of the same resource.
Уязвимость браузера Google Chrome, позволяющая нарушителю обойти механизмы защиты целостности Subresource
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3