Government of the Republic of Trinidad and Tobago
gov.tt

TTCSIRT-339.08.19.20: TT-CSIRT ADVISORY – Google Chrome Zero-Day That Allows Attackers To Fully Bypass CSP Rules

A zero-day vulnerability affects Chromium-based browsers such as Chrome, Opera and Edge on Windows, Mac and Android.

More importantly, the vulnerability allows attackers to completely bypass CSP rules on Chrome versions 73 (March 2019) through 83 (July 2020).

CSP (Content Security Policy) is a set of rules defined by the website; the browser's role is to recognize and enforce those rules on the website's behalf.

These rules let a website instruct the browser to either block or allow particular requests, specific types of JavaScript code execution, and more.

This provides stronger security for site visitors and shields them from potentially injected malicious scripts and cross-site scripting (XSS).

Updates are available to mitigate this vulnerability. Please visit the following links for further information and support:
https://cybersecuritynews.com/google-chrome-browser-zero-day/
https://www.google.com/chrome/update/
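
To find clients that still need the update, the affected range stated above (Chrome 73 through 83) can be checked against User-Agent strings taken from web or proxy logs. The script below is an added example, not part of the TT-CSIRT advisory; the function names are illustrative and the sample User-Agent strings are constructed. User-Agent is client-supplied, so a hit is a triage signal to confirm on the endpoint.

```python
from collections import Counter
import re

# Affected range as stated in the advisory: Chrome 73 through 83.
AFFECTED_MIN, AFFECTED_MAX = 73, 83

# Chromium-based browsers (Chrome, Edge, Opera) keep a "Chrome/<major>" token
# in their User-Agent; "Edg/" and "OPR/" carry the vendor's own version number,
# which can differ from the Chromium major, so the Chrome token is what counts.
CHROME_TOKEN = re.compile(r"Chrome/(\d+)\.")
VENDOR_TOKENS = (("Edg/", "Edge"), ("EdgA/", "Edge"), ("OPR/", "Opera"))


def classify(user_agent):
    """Return (browser, chromium_major, affected), or None if no Chrome token."""
    match = CHROME_TOKEN.search(user_agent)
    if match is None:
        return None
    major = int(match.group(1))
    browser = next((name for tok, name in VENDOR_TOKENS if tok in user_agent), "Chrome")
    return browser, major, AFFECTED_MIN <= major <= AFFECTED_MAX


def summarize(user_agents):
    """Count clients in the affected range, keyed by (browser, chromium_major)."""
    hits = Counter()
    for ua in user_agents:
        result = classify(ua)
        if result and result[2]:
            hits[result[:2]] += 1
    return hits


# Constructed sample User-Agent strings (not taken from real logs).
SAMPLE_UAS = [
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36 Edg/83.0.478.37",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36 OPR/69.0.3686.77",
    "Mozilla/5.0 (Linux; Android 10; Pixel 3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.99 Mobile Safari/537.36",
    "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/84.0.4147.89 Safari/537.36",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:79.0) Gecko/20100101 Firefox/79.0",
]

if __name__ == "__main__":
    for (browser, major), count in sorted(summarize(SAMPLE_UAS).items()):
        print(f"{browser} (Chromium {major}): {count} client(s) need updating")
```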

If you have any queries or comments regarding this advisory, please feel free to contact TTCSIRT via contacts@ttcsirt.gov.tt