{"id":15301,"date":"2020-08-11T07:24:54","date_gmt":"2020-08-11T05:24:54","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=15301"},"modified":"2020-08-11T07:24:54","modified_gmt":"2020-08-11T05:24:54","slug":"google-chrome-bug-ermglicht-datenabfluss","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2020\/08\/11\/google-chrome-bug-ermglicht-datenabfluss\/","title":{"rendered":"Google Chrome: Bug enables data theft"},"content":{"rendered":"<p><img decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Chrome.jpg\" align=\"left\">[<a href=\"https:\/\/www.borncity.com\/blog\/2020\/08\/11\/google-chrome-bug-ermglicht-datenabfluss\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]In all Chromium browsers (Google Chrome, Edge, Opera) there is a fat bug CVE-2020-6519, which introduces a vulnerability that allows attackers to bypass the Content Security Policy (CSP) protection and steal data from website visitors.<\/p>\n<p><!--more--><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" alt=\"\" src=\"https:\/\/vg05.met.vgwort.de\/na\/03193e0f11f94e51820c6d19f166930f\" width=\"1\" height=\"1\">The bug&nbsp; has been described in the <a href=\"https:\/\/bugs.chromium.org\/p\/chromium\/issues\/detail?id=1064676\" target=\"_blank\" rel=\"noopener noreferrer\">Chromium-Tracker<\/a> since March 2020 &#8211; but I became aware of the issue via the following tweet.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">Google Chrome Browser Bug Exposes Billions of Users to Data Theft <a href=\"https:\/\/t.co\/sODBN0Sns2\">https:\/\/t.co\/sODBN0Sns2<\/a><\/p>\n<p>\u2014 Nicolas Krassas (@Dinosn) <a href=\"https:\/\/twitter.com\/Dinosn\/status\/1293017725950922752?ref_src=twsrc%5Etfw\">August 11, 2020<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<h2>Chrome&nbsp; before version 84 affected<\/h2>\n<p>The bug (CVE-2020-6519) was found in Chrome, Opera and Edge, on Windows, Mac and Android. Security researcher Gal Weizman has now disclosed the whole thing <a href=\"https:\/\/www.perimeterx.com\/tech-blog\/2020\/csp-bypass-vuln-disclosure\/\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>. The security researcher was very surprised when he discovered this zero-day vulnerability in Chrome-based browsers &#8211; Chrome, Opera, Edge &#8211; on Windows, Mac and Android. The bug allowed attackers to completely bypass the CSP rules of Chrome versions 73 (March 2019) through 83 (July 2020). Only Chrome 84 fixes this vulnerability.<\/p>\n<p>To better understand the extent of this vulnerability: The number of potentially affected users is in the billions, because Chrome alone has over two billion users. Some of the most popular sites on the web, such as Facebook, WellsFargo, Gmail, Zoom, Tiktok, Instagram, WhatsApp, Investopedia, ESPN, Roblox, Indeed, Blogger, Quora, and others are vulnerable to this vulnerability.<\/p>\n<h2>CSP, what is it?<\/h2>\n<p>The <a href=\"https:\/\/content-security-policy.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">Content Security Policy (CSP)<\/a> is basically a set of rules set by the website, which the browser here has to respect and enforce on behalf of the website. These rules allow the website to prompt the browser to block\/allow certain request calls, certain types of Javascript code execution, and more, thereby increasing the safety of website visitors and protecting them from potentially infiltrated malicious scripts or <a href=\"https:\/\/owasp.org\/www-community\/attacks\/xss\/\" target=\"_blank\" rel=\"noopener noreferrer\">cross-site scripting<\/a> (XSS).&nbsp; <\/p>\n<blockquote>\n<p>A vulnerability in the CSP does not directly imply a privacy violation, as the attacker must also be able to get the malicious script to be called from the website (which is why the vulnerability has been classified as a moderate vulnerability).<\/p>\n<\/blockquote>\n<h2>How to bypass CSP with one line<\/h2>\n<p>Gal Weizman has succeeded in breaking the CSP with a one-liner &#8211; as he writes in <a href=\"https:\/\/www.perimeterx.com\/tech-blog\/2020\/csp-bypass-vuln-disclosure\/\" target=\"_blank\" rel=\"noopener noreferrer\">this blog post<\/a>. It is sufficient to use an iFrame tag. Weizmann then published a <a href=\"https:\/\/github.com\/PerimeterX\/CVE-2020-6519\/tree\/master\/POC\" target=\"_blank\" rel=\"noopener noreferrer\">proof of concept<\/a>.&nbsp; So users should update to version 84 of the Chrome Browser or a Chromium Clone as soon as possible.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]In all Chromium browsers (Google Chrome, Edge, Opera) there is a fat bug CVE-2020-6519, which introduces a vulnerability that allows attackers to bypass the Content Security Policy (CSP) protection and steal data from website visitors.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[872,580,1547,1218],"tags":[780,69],"class_list":["post-15301","post","type-post","status-publish","format-standard","hentry","category-browser","category-security","category-software","category-virtualization","tag-chrome","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/15301","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=15301"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/15301\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=15301"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=15301"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=15301"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}