Inappropriate implementation in Content Security Policy in Google Chrome prior to 122.0.6261.57 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Medium)
The code uses a function that has inconsistent implementations across operating systems and versions.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Chromium-browser | Ubuntu | bionic | * |
Chromium-browser | Ubuntu | trusty | * |
Chromium-browser | Ubuntu | upstream | * |
Chromium-browser | Ubuntu | xenial | * |
The use of inconsistent implementations can cause changes in behavior when the code is ported or built under a different environment than the programmer expects, which can lead to security problems in some cases. The implementation of many functions varies by platform, and at times, even by different versions of the same platform. Implementation differences can include: