Michael Ficarra

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 47.0.2526.73 Opera (affected versions not specified) **Description** The issue is related to the Content Security Policy (CSP) implementation, specifically the CSPSource::hostMatches function in WebKit/Source/core/frame/csp/CSPSource.cpp. This function accepts an x.y hostname as a match for a *.x.y pattern, which might allow remote attackers to bypass intended access restrictions in certain circumstances by leveraging a policy that was intended to be specific to subdomains. **Recommendations** For Google Chrome versions prior to 47.0.2526.73, update to version 47.0.2526.73 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 47.0.2526.73 Opera versions prior to 47.0.2526.73 (no specific version mentioned, but implied to be the same as Google Chrome) **Description** The issue lies in the CSPSourceList::matches function within the Content Security Policy (CSP) implementation. This function accepts blob:, data:, or filesystem: URLs as a match for a * pattern. As a result, remote attackers can bypass intended scheme restrictions under certain circumstances by leveraging a policy that relies on this pattern. **Recommendations** For Google Chrome versions prior to 47.0.2526.73, update to version 47.0.2526.73 or later to resolve the issue. For Opera, since the specific fixed version is not mentioned, it is recommended to update to the latest version available, ensuring it is at or later than the fixed version for Google Chrome, which is 47.0.2526.73. As a temporary workaround, consider restricting the use of the `CSPSourceList::matches` function until a patch is available.