CVE-2016-1682

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 51.0.2704.63 Opera (affected versions not specified)

Description The issue is related to the ServiceWorkerContainer::registerServiceWorkerImpl function in WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp in Blink. This function allows remote attackers to bypass the Content Security Policy (CSP) protection mechanism via a ServiceWorker registration. The CSP is a security feature that helps detect and mitigate certain types of attacks, including cross-site scripting (XSS) and data injection attacks.

Recommendations For Google Chrome versions prior to 51.0.2704.63, update to version 51.0.2704.63 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider disabling the ServiceWorker registration functionality until a patch is available.