Google Chrome Content Security Policy Bypass Vulnerability in Loader

Vulnerability

A vulnerability that allows remote attackers to bypass content security policy has been identified in Google Chrome. The issue arises from insufficient policy enforcement in the Loader component and affects Chrome versions prior to 138.0.7204.49. It can be exploited via a crafted HTML page.

Impact

Exploitation of this vulnerability allows for content security policy bypass, which could lead to the execution of malicious scripts or the loading of harmful resources that would typically be blocked by the policy.

Remediation

Users can update to Google Chrome version 138.0.7204.49 or later to address this vulnerability.

Added: Jun 24, 2025, 8:24 PM
Updated: Jun 24, 2025, 9:24 PM

Vulnerability Rating

Custom Algorithm

spread: 8.4
impact: 0.6
exploitability: 4.4
remediation: 7.7
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 0.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.