Chrome puts billions of users at risk of data theft

A security flaw in Google Chrome put billions of users at risk of data theft: it allowed attackers to bypass the content security policy (CSP) on websites and run malicious code.

The flaw (CVE-2020-6519) was found in the Chrome, Opera and Edge browsers on Windows, Android and Mac.

Network security researcher Gal Weizmann said the vulnerability could affect billions of users.

Chrome versions 73 (released in March 2019) through 83 were affected. Version 84, launched in July, resolved the problem.

A content security policy (CSP) is a web standard that prevents certain types of attacks, including cross-site scripting (XSS) attacks and data injection attacks.

The CSP standard allows web administrators to specify the domains that a browser should consider valid sources of executable scripts.

A CSP-compatible browser then only executes scripts loaded in source files received from those domains.
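How such an allow-list is applied to a script URL, as an added example that is not from the original article: a simplified JavaScript sketch of CSP source matching, not the browser's own algorithm. The function names, the sample policy and the example domains are assumptions constructed for illustration.

```javascript
// Added example: simplified CSP source-list matching, not a full CSP Level 3 implementation.
// Nonces, hashes, 'unsafe-inline' and 'strict-dynamic' are deliberately not modelled.

// Constructed sample policy and page URL (hypothetical domains).
const SAMPLE_CSP = "default-src 'none'; script-src 'self' https://cdn.example.com/lib/ *.static.example.net";
const SAMPLE_PAGE = 'https://shop.example.org/checkout';

// Parse a Content-Security-Policy header value into { directive: [source, ...] }.
function parseCsp(header) {
  const policy = Object.create(null);
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    const key = name.toLowerCase();
    if (key && !(key in policy)) policy[key] = sources; // a repeated directive is ignored
  }
  return policy;
}

// Does one source expression allow this URL? pageUrl is the protected document's URL.
function sourceMatches(source, url, pageUrl) {
  const kw = source.toLowerCase();
  if (kw === "'self'") return url.origin === pageUrl.origin;
  if (kw === '*') return url.protocol === 'http:' || url.protocol === 'https:';
  if (/^[a-z][a-z0-9+.-]*:$/.test(kw)) return url.protocol === kw; // scheme-source, e.g. https:
  const m = source.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)(?::(\d+|\*))?(\/.*)?$/i);
  if (!m) return false; // 'none', nonces, hashes and other keywords never match a URL here
  const [, scheme, wildcard, host, port, path] = m;
  const wantScheme = scheme ? scheme.toLowerCase() + ':' : pageUrl.protocol;
  if (url.protocol !== wantScheme && !(wantScheme === 'http:' && url.protocol === 'https:')) return false;
  const h = host.toLowerCase();
  // "*.example.net" covers subdomains only, not example.net itself.
  if (wildcard ? !url.hostname.endsWith('.' + h) : url.hostname !== h) return false;
  const defaultPort = url.protocol === 'https:' ? '443' : '80';
  if (port !== '*' && (port || defaultPort) !== (url.port || defaultPort)) return false;
  if (!path) return true;
  // A path ending in "/" is a prefix match; otherwise the path must match exactly.
  return path.endsWith('/') ? url.pathname.startsWith(path) : url.pathname === path;
}

// Would a policy-enforcing browser load this script? script-src falls back to default-src.
function scriptAllowed(header, scriptUrl, pageUrl) {
  const policy = parseCsp(header);
  const sources = policy['script-src'] || policy['default-src'];
  if (!sources) return true; // no governing directive: CSP does not restrict scripts
  const url = new URL(scriptUrl), page = new URL(pageUrl);
  return sources.some((s) => sourceMatches(s, url, page));
}
```

With the sample policy, a script from `https://cdn.example.com/lib/` or from the page's own origin is allowed, while any host outside the list is refused.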

In a research report published Monday, Weizmann said: "The CSP standard is the primary way in which website owners implement data security policies to prevent malicious code from running on their websites."

He added, "If the policy can be bypassed, the user's personal information is at risk."

Most websites use CSP, the researchers noted, including internet giants such as Facebook, Gmail, Instagram and WhatsApp.

Some well-known names such as GitHub, Google Play Store, LinkedIn, PayPal, Twitter, Yahoo and Yandex are not affected.

To exploit the vulnerability, an attacker must first gain access to the web server in order to modify the JavaScript code it uses.

The attacker can then add a `frame-src` or `child-src` directive in the JavaScript so that the injected code runs, bypassing the website's CSP.

The vulnerability is rated a moderate issue, 6.5 out of 10 on the CVSS scale, but because it affects enforcement of the CSP standard it is a major concern, Weizmann said, comparing it to a problem with seat belts and airbags in cars.
