Apple · Webkit · CVE-2016-1636
**Name of the Vulnerable Software and Affected Versions**
Google Chrome versions prior to 49.0.2623.75
Opera versions prior to 49.0.2623.75
**Description**
The issue is related to the PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp, which relies on memory-cache information about integrity-check occurrences instead of integrity-check successes. This allows remote attackers to bypass the Subresource Integrity (SRI) protection mechanism by triggering two loads of the same resource.
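A simplified model of the flaw described above, added here as an illustration; it is not Blink/WebKit code. `CachedScript`, `mayExecuteFlawed`, `mayExecuteFixed`, `loadTwice` and the sample script bodies are hypothetical names and constructed values.

```javascript
// Added illustration: a simplified model, not Blink/WebKit source code.
const { createHash } = require('node:crypto');

// SRI-style integrity value for a script body.
function sriDigest(body) {
  return 'sha256-' + createHash('sha256').update(body).digest('base64');
}

// Hypothetical memory-cache entry shared by every load of the same URL.
class CachedScript {
  constructor(body) {
    this.body = body;
    this.integrityChecked = false; // a check has occurred (any outcome)
    this.passedDigest = null;      // integrity value that actually matched
  }
}

// Run the check and record both the occurrence and the outcome.
function verify(entry, expected) {
  entry.integrityChecked = true;
  const ok = sriDigest(entry.body) === expected;
  if (ok) entry.passedDigest = expected;
  return ok;
}

// Flawed pattern: "already checked" is treated as "already passed".
function mayExecuteFlawed(entry, expected) {
  return entry.integrityChecked ? true : verify(entry, expected);
}

// Corrected pattern: reuse only a recorded success for this integrity value.
function mayExecuteFixed(entry, expected) {
  return entry.passedDigest === expected || verify(entry, expected);
}

// Two loads of one cached resource; body and integrity value are constructed.
function loadTwice(mayExecute, body, expected) {
  const entry = new CachedScript(body);
  return [mayExecute(entry, expected), mayExecute(entry, expected)];
}

const expected = sriDigest('console.log("reviewed build");'); // constructed
const served = 'console.log("different bytes");';             // constructed
console.log('flawed:', loadTwice(mayExecuteFlawed, served, expected));
console.log('fixed: ', loadTwice(mayExecuteFixed, served, expected));
```

Keying the cached result to the integrity value that matched also keeps a second load with a different `integrity` attribute from inheriting an earlier success.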
**Recommendations**
For Google Chrome versions prior to 49.0.2623.75, update to version 49.0.2623.75 or later to resolve the issue.
For Opera versions prior to 49.0.2623.75, update to a version that includes the fix for this issue; the exact fixed version is not specified.
As a temporary workaround, consider restricting access to the `PendingScript::notifyFinished` function until a patch is available.