The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (aka SRI) protection mechanism by triggering two loads of the same resource.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Chrome | * | 48.0.2564.116 (including) | |
Red Hat Enterprise Linux 6 Supplementary | RedHat | chromium-browser-0:49.0.2623.75-1.el6 | * |
Chromium-browser | Ubuntu | devel | * |
Chromium-browser | Ubuntu | precise | * |
Chromium-browser | Ubuntu | trusty | * |
Chromium-browser | Ubuntu | upstream | * |
Chromium-browser | Ubuntu | wily | * |
Oxide-qt | Ubuntu | devel | * |
Oxide-qt | Ubuntu | trusty | * |
Oxide-qt | Ubuntu | upstream | * |
Oxide-qt | Ubuntu | vivid/stable-phone-overlay | * |
Oxide-qt | Ubuntu | wily | * |