Bypassing Subresource Integrity Protection in Google Chrome

CVE-2016-1636 · HIGH Severity

CVSS v2 base vector: AV:N/AC:L/AU:N/C:P/I:P/A:P

The PendingScript::notifyFinished function in WebKit/Source/core/dom/PendingScript.cpp in Google Chrome before 49.0.2623.75 relies on memory-cache information about integrity-check occurrences instead of integrity-check successes, which allows remote attackers to bypass the Subresource Integrity (SRI) protection mechanism by triggering two loads of the same resource. In effect, the cached resource records only that an integrity check has already been performed, not whether it passed, so a second load of a resource whose first check failed skips the check and is treated as verified, and a script whose hash does not match its integrity attribute can still execute. The flaw is in the browser's enforcement rather than in the page's integrity attributes, so the remedy is updating to Chrome 49.0.2623.75 or later.
