Google Chrome CVE-2016-5135 Input Validation Bypass Vulnerability

description-logoDescription

WebKit/Source/core/html/parser/HTMLPreloadScanner.cpp in Blink, as used in Google Chrome before 52.0.2743.82, does not consider referrer-policy information inside an HTML document during a preload request, which allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a crafted web site, as demonstrated by a \"Content-Security-Policy: referrer origin-when-cross-origin\" header that overrides a \"\" element.

affected-products-logoAffected Applications

Google Chrome

CVE References

CVE-2016-5135