CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-05-08 01:56:40 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
e7be3f24665f27f4f8a571f070ce04dfd1f54dc4
CVEs-PoC/2016/CVE-2016-1636.md
T
0xMarcio 49bdc782b3 Update Sun May 26 14:27:04 CEST 2024
2024-05-26 14:27:05 +02:00

822 B
Raw Blame History

CVE-2016-1636

Description

The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (aka SRI) protection mechanism by triggering two loads of the same resource.

POC

Reference

No PoCs from references.

Github

Reference in New Issue View Git Blame Copy Permalink