First published: Sun Mar 06 2016(Updated: )
The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (aka SRI) protection mechanism by triggering two loads of the same resource.
Credit: cve-coordination@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Chrome | <=48.0.2564.116 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.