Cisco Blogs

Vulnerability Spotlight: Content Security Policy bypass in Microsoft Edge, Google Chrome and Apple Safari

September 6, 2017 - 0 Comments

The vulnerabilities were discovered by Nicolai Grødum of Cisco.

Today, Talos is releasing details of vulnerabilities discovered in Microsoft Edge browser as well as older versions of Google Chrome (CVE-2017-5033) and browsers based on the Webkit such as Apple Safari (CVE-2017-2419). An attacker may be able to exploit the vulnerabilities and bypass the Content Security Policy set by the server which may lead to disclosure of confidential information. Microsoft stated that this is by design and has declined to patch this issue.



In an effort to keep conversations fresh, Cisco Blogs closes comments after 60 days. Please visit the Cisco Blogs hub page for the latest content.