Vulnerability Spotlight: Content Security Policy bypass in Microsoft Edge, Google Chrome and Apple Safari
The vulnerabilities were discovered by Nicolai Grødum of Cisco.
Today, Talos is releasing details of vulnerabilities discovered in the Microsoft Edge browser, as well as in older versions of Google Chrome (CVE-2017-5033) and in browsers based on WebKit, such as Apple Safari (CVE-2017-2419). An attacker may be able to exploit the vulnerabilities and bypass the Content Security Policy set by the server, which may lead to disclosure of confidential information. Microsoft stated that this is by design and has declined to patch this issue.