08-15-2020 , 11:00 PM
https://cybersecuritynews.com/google-chr...-zero-day/ Billions of Users Affected with Google Chrome Zero-Day That Allow Attackers To Fully Bypass CSP Rules
By Balaji N - August 12, 2020 Recently, the security expert at PerimeterX, Gal Weizman has detected a Zero-day flaw in Google Chrome Browser that lets the attackers entirely bypass CSP rules, and this vulnerability was assigned as CVE-2020-6519.
Weizman said that “it was quite surprised him, when he identified that Zero-day vulnerability has been affecting the Chromium-based browsers like Chrome, Opera, Edge – on Windows, Mac, and Android. And more importantly, they are allowing the attackers to completely bypass the CSP rules on Chrome versions 73 (March 2019) through 83 (July 2020).”
CSP is the initial approach that are utilized by the website owners to implement data security policies and to stop ill-disposed Shadow Code executions on their website. Moreover, this issue is quite severe, as Chrome is the most popularly used web browser currently, and it has nearly two billion users and dominating the web browser business with more than 65% part.
By Balaji N - August 12, 2020 Recently, the security expert at PerimeterX, Gal Weizman has detected a Zero-day flaw in Google Chrome Browser that lets the attackers entirely bypass CSP rules, and this vulnerability was assigned as CVE-2020-6519.
Weizman said that “it was quite surprised him, when he identified that Zero-day vulnerability has been affecting the Chromium-based browsers like Chrome, Opera, Edge – on Windows, Mac, and Android. And more importantly, they are allowing the attackers to completely bypass the CSP rules on Chrome versions 73 (March 2019) through 83 (July 2020).”
CSP is the initial approach that are utilized by the website owners to implement data security policies and to stop ill-disposed Shadow Code executions on their website. Moreover, this issue is quite severe, as Chrome is the most popularly used web browser currently, and it has nearly two billion users and dominating the web browser business with more than 65% part.