CORS Vulnerability in Google Chrome Prior to 76.0.3809.87 Allows Bypassing Content Security Policy via Malicious Extension

CORS Vulnerability in Google Chrome Prior to 76.0.3809.87 Allows Bypassing Content Security Policy via Malicious Extension

CVE-2019-5864 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Insufficient data validation in CORS in Google Chrome prior to 76.0.3809.87 allowed an attacker who convinced a user to install a malicious extension to bypass content security policy via a crafted Chrome Extension.

Learn more about our Cis Benchmark Audit For Google Chrome.