PT-2016-1348 · Apple+6 · Webkit+6

Jww

Published

2016-03-02

Updated

2024-06-15

CVE-2016-1636

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 49.0.2623.75 Opera versions prior to 49.0.2623.75

Description The issue is related to the PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp, which relies on memory-cache information about integrity-check occurrences instead of integrity-check successes. This allows remote attackers to bypass the Subresource Integrity (SRI) protection mechanism by triggering two loads of the same resource.

Recommendations For Google Chrome versions prior to 49.0.2623.75, update to version 49.0.2623.75 or later to resolve the issue. For Opera versions prior to 49.0.2623.75, update to a version that includes the fix for this issue, as the exact version is not specified. As a temporary workaround, consider restricting access to the PendingScript::notifyFinished function until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2016-1283

BDU:2016-00647

CVE-2016-1636

DSA-3507-1

MGASA-2016-0127

OPENSUSE-SU-2016_0664-1

OPENSUSE-SU-2016_0684-1

OPENSUSE-SU-2016_0729-1

OPENSUSE-SU-2024:10171-1

OPENSUSE-SU-2024:12948-1

RHSA-2016:0359

RHSA-2016_0359

USN-2920-1

Affected Products

Alt Linux

Google Chrome

Opera

Red Hat

Suse

Ubuntu

Webkit

PT-2016-1348 · Apple+6 · Webkit+6

CVE-2016-1636

Weakness Enumeration

Related Identifiers

Affected Products

References · 2378