Insufficient policy enforcement in Loader in Google Chrome prior to 138.0.7204.49 allowed a remote attacker to bypass content security policy via a crafted HTML page. (Chromium security severity: Low)
A product requires authentication, but the product has an alternate path or channel that does not require authentication.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Chrome | * | 138.0.7204.49 (excluding) | |
Chromium-browser | Ubuntu | upstream | * |