The Google Chrome developers have just released a critical security update for the Chrome browser. Users should update their browser to the current version 67.0.3396.79 as soon as possible.
Security researcher Michał Bentkowski discovered a serious vulnerability in Google Chrome in late May that affects the browser on all major operating systems, including Windows, Mac and Linux. The flaw is an error in the handling of the Content Security Policy (CSP).
The Content Security Policy (CSP) header lets website owners add an additional layer of security to a web page by controlling which resources the browser may load. Incorrect handling of CSP headers by the web browser could enable attackers to perform cross-site scripting, clickjacking and other types of code injection attacks on any web page.
The Chrome security team described the issue in a short blog post released today as an error in handling the CSP header (CVE-2018-6148), without revealing further technical details about the vulnerability. The post contains only the following note:
Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed.
Users should ensure that Google Chrome has been updated to version 67.0.3396.79 for Windows, Mac and Linux operating systems.