CyberNews Briefs

Google Chrome Browser Bug Exposes Billions of Users to Data Theft

A new vulnerability discovered by researchers allows attackers to bypass Content Security Policy protections and steal data from website visitors. The vulnerability lies in Google’s Chromium-based browsers versions 73 through 83 and has since been patched by Chrome in version 84, which was released in July. Through leveraging the vulnerability, attackers could potentially execute rogue code as well.

CVE-2020-6519, the bug in question, is found in Chrome, Opera, and Edge on Windows, Mac, and Android devices, affecting billions of users. CSP is a web policy standard that mitigates the risks posed by certain attacks such as cross-site scripting and data injection. CSP also allows web admins to dictate the domains that a browser considers valid sources of an executable script, however, the flaw allows attackers to bypass these preventative functions.

Read More: Google Chrome Browser Bug Exposes Billions of Users to Data Theft

OODA Analyst

OODA Analyst

OODA is comprised of a unique team of international experts capable of providing advanced intelligence and analysis, strategy and planning support, risk and threat management, training, decision support, crisis response, and security services to global corporations and governments.