The Google Chrome browser vulnerability allowed attackers to bypass the Content Security Policy (CSP) protections to steal data from website visitors.
A severe vulnerability in Google’s Chromium-based browsers was found to allow attackers to bypass the Content Security Policy (CSP) on websites, executing rogue code and steal data. The bug is found in Opera, Chrome, and Edge, on Mac, Windows, and Android – potentially affecting billions of web users, confirmed Gal Weizmann, the PerimeterX cybersecurity researcher.
CSP is a web standard that thwarts certain types of attacks, including data-injection attacks and cross-site scripting (XSS). CSP allows web admins to specify the domains that browsers should consider to be valid sources of executable scripts.
Source: Threatpost